From ccca8108507812f2c640cc59afc0c4807d9f9ae4 Mon Sep 17 00:00:00 2001 
From: Aristofanis Chionis Date: Mon, 31 Jul 2023 01:34:37 +0200 Subject: [PATCH 1/3] ADD: Support for passive attacks on Dionaea honeypots --- README.md | 7 + honeyscanner/Pipfile | 2 +- honeyscanner/Pipfile.lock | 2 +- .../active_attacks/attack_orchestrator.py | 4 - .../bombs_DO_NOT_EXTRACT/README.md | 14 - .../med_not_a_tar_bomb.tar | Bin 3072 -> 0 bytes .../bombs_DO_NOT_EXTRACT/not_a_tar_bomb.tar | Bin 3072 -> 0 bytes .../small_not_a_tar_bomb.tar | Bin 3072 -> 0 bytes .../active_attacks/ssh_keep_aliver.py | 67 - .../tarbombs/bombs_DO_NOT_EXTRACT.zip | Bin 0 -> 2167 bytes honeyscanner/core.py | 8 +- honeyscanner/honeypots/__init__.py | 3 +- honeyscanner/honeypots/dionaea.py | 29 + honeyscanner/main.py | 8 +- .../trivy_scan_results_dionaea.json | 15743 ++++++++++++++++ .../container_security_scanner.py | 2 + .../passive_attacks/results/all_cves.txt | 336 - .../results/metasploit_modules.txt | 2 - .../dionaea_0.11.0_analysis.json | 441 + .../dionaea-0.11.0-vulnerabilities.json | 15 + .../dionaea-0.11.0-requirements.txt | 3 + .../vuln_analyzer/vuln_analyzer.py | 70 +- .../reports/report_dionaea_passive.txt | 87 + 23 files changed, 16340 insertions(+), 503 deletions(-) delete mode 100644 honeyscanner/active_attacks/bombs_DO_NOT_EXTRACT/README.md delete mode 100644 honeyscanner/active_attacks/bombs_DO_NOT_EXTRACT/med_not_a_tar_bomb.tar delete mode 100644 honeyscanner/active_attacks/bombs_DO_NOT_EXTRACT/not_a_tar_bomb.tar delete mode 100644 honeyscanner/active_attacks/bombs_DO_NOT_EXTRACT/small_not_a_tar_bomb.tar delete mode 100644 honeyscanner/active_attacks/ssh_keep_aliver.py create mode 100644 honeyscanner/active_attacks/tarbombs/bombs_DO_NOT_EXTRACT.zip create mode 100644 honeyscanner/honeypots/dionaea.py create mode 100644 honeyscanner/passive_attacks/container_security_scanner/analysis_results/trivy_scan_results_dionaea.json create mode 100644 honeyscanner/passive_attacks/static_analyzer/analysis_results/dionaea_0.11.0_analysis.json create mode 100644 
honeyscanner/passive_attacks/vuln_analyzer/analysis_results/dionaea-0.11.0-vulnerabilities.json create mode 100644 honeyscanner/passive_attacks/vuln_analyzer/requirements_files/dionaea-0.11.0-requirements.txt create mode 100644 honeyscanner/reports/report_dionaea_passive.txt diff --git a/README.md b/README.md index 8062486..518f399 100644 --- a/README.md +++ b/README.md @@ -63,10 +63,14 @@ The following instructions will guide you through the process of setting up Hone - If you prefer to test Honeyscanner against [Kippo](https://github.com/desaster/kippo), you can use the following Docker Image in DockerHub [here](https://hub.docker.com/r/aristofanischionis/kippo). +- For testing Honeyscanner against [Dionaea](https://github.com/DinoTools/dionaea), use the following Docker Image in DockerHub [here](https://hub.docker.com/r/dinotools/dionaea). + - After running a Honeypot using Docker containers locally, you will be able to specify the following parameters: `--target_ip 127.0.0.1 --port 2222` when running the Honeyscanner. > **__NOTE__:** NEVER RUN `Honeyscanner` AGAINST HONEYPOTS YOU DO NOT OWN, OR YOU DO NOT HAVE EXPLICIT PERMISSION TO TEST. +> **__NOTE__:** Currently `Honeyscanner` cannot actively attack the `Dionaea` honeypot, it can only use its passive scanners and discover vulnerabilities and CVEs. + ## Usage Use the following examples as a reference for how to run `Honeyscanner`: @@ -77,6 +81,9 @@ python3 main.py --honeypot cowrie --honeypot_version 2.5.0 --target_ip 127.0.0.1 ```bash python3 main.py --honeypot kippo --honeypot_version 0.9 --target_ip 127.0.0.1 --port 2222 ``` +```bash +python3 main.py --honeypot dionaea --honeypot_version 0.11.0 --target_ip 127.0.0.1 --port 2323 +``` ## Contributors diff --git a/honeyscanner/Pipfile b/honeyscanner/Pipfile index c967f6a..386c54b 100644 --- a/honeyscanner/Pipfile +++ b/honeyscanner/Pipfile 
@@ -15,4 +15,4 @@ boofuzz = "*" [requires] python_version = "3.9" -python_full_version = "3.9.12" +python_full_version = "3.9.12" \ No newline at end of file diff --git a/honeyscanner/Pipfile.lock b/honeyscanner/Pipfile.lock index 58cf5d7..885ad7c 100644 --- a/honeyscanner/Pipfile.lock +++ b/honeyscanner/Pipfile.lock @@ -630,4 +630,4 @@ } }, "develop": {} -} +} \ No newline at end of file diff --git a/honeyscanner/active_attacks/attack_orchestrator.py b/honeyscanner/active_attacks/attack_orchestrator.py index 08baeb8..741d6bf 100644 --- a/honeyscanner/active_attacks/attack_orchestrator.py +++ b/honeyscanner/active_attacks/attack_orchestrator.py @@ -3,7 +3,6 @@ from .fuzzing import Fuzzing from .software_exploit import SoftwareExploit from .tar_bomb import TarBomb -# from ssh_keep_aliver import SSHKeepAliver # from .honeypot_port_scanner.honeypot_port_scanner import HoneypotPortScanner class AttackOrchestrator: @@ -14,7 +13,6 @@ def __init__(self, honeypot): TarBomb(honeypot), # should be rechecked, works but doesn't crash the honeypot SoftwareExploit(honeypot), # Successfully ran! - not managed to exploit something DoS(honeypot) # Successfully ran! - crashes the honeypot - # SSHKeepAliver(honeypot) # Not working yet... I don't know if I should keep it ] self.results = [] @@ -52,6 +50,4 @@ def generate_report(self): report += f" Exploits used are saved in: {result[3]}\n\n" elif attack_name == "TarBomb": report += f" Number of bombs used: {result[3]}\n\n" - # elif attack_name == "SSHKeepAliver": - # report += f" Number of keep-alive packets sent: {result[3]}\n\n" return report diff --git a/honeyscanner/active_attacks/bombs_DO_NOT_EXTRACT/README.md b/honeyscanner/active_attacks/bombs_DO_NOT_EXTRACT/README.md deleted file mode 100644 index f79c120..0000000 --- a/honeyscanner/active_attacks/bombs_DO_NOT_EXTRACT/README.md +++ /dev/null 
@@ -1,14 +0,0 @@ -# TAR Bomb for reasearch academic project - -Please do not extract - -- To create it: -1. dd if=/dev/zero of=sparse_file bs=1 count=0 seek=10T -2. tar -cf not_a_tar_bomb.tar sparse_file - -- To extract: -1. tar -xf not_a_tar_bomb.tar - -big one: "1Chow8Qh-bUb_LCqJzeTdN1PNmWlZ6kyi" -medium: "1GVPnsQIkyUJqEQFR3vYxmkbvM3B0uS4g" -small: "1Jc60r-D33DUF2TErY3qNhWpk0xFJB_kE" \ No newline at end of file diff --git a/honeyscanner/active_attacks/bombs_DO_NOT_EXTRACT/med_not_a_tar_bomb.tar b/honeyscanner/active_attacks/bombs_DO_NOT_EXTRACT/med_not_a_tar_bomb.tar deleted file mode 100644 index dd8f06138458daca4a014656905ddfca8f5a767d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3072 zcmeHH!D_=W49(eJ;V(!f*>T!Ku4_+YFnS(lbEr#`3_F9eub)URNjG-tIznw96h8?? zde-xkJ@1@-b72+VZHVrr_9vHJcL9LWT4roZQw$bpJTnCRO%k;xByCD4BoHW6nLJ;& zjGwc8#NGxj%?2O)uC}d@uLs|;na6WjUC*J}Y3KyT=78-&7NLy((^Z8s>k>9d+=oyg zo8C9BLbE0^N^exIpg?w$7DRIUxX;IV$s2p@LWP&8ZyDuGIE`&B=bX%$P-f~5&Yr#( zvk)Q|S|;D*^C0{O)_o3t@(S=s{ic6p|AqdMu}s1(IK6lM3*bFdKZslKp8k;-NDL$f J5(EFrz!#Iib>#p6 diff --git a/honeyscanner/active_attacks/bombs_DO_NOT_EXTRACT/not_a_tar_bomb.tar b/honeyscanner/active_attacks/bombs_DO_NOT_EXTRACT/not_a_tar_bomb.tar deleted file mode 100644 index 24d788b4ab325f88c0bb206cefe319db3eafe095..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3072 zcmeHHO-sZu5be3YBEO)%Nz-I=*sFRHK|D*)6tiqwNh&PAW;kg)}OwqVQ7x%REhL*itiKe-&GFmX~%Kj@}*5 z_OlW=SJx(A%XwVN&h3ZT;HfqAY~@V2jO`ugT#T7eX6cUJ9lq4E z5g0dHCO_rFMEq;!eF?wv3otc);y<$gg#U=33kjD%^}q990PiLHL0kg%d`CtgBajiu I2>dMqpRg@;XaE2J diff --git a/honeyscanner/active_attacks/ssh_keep_aliver.py b/honeyscanner/active_attacks/ssh_keep_aliver.py deleted file mode 100644 index e1b33a4..0000000 --- a/honeyscanner/active_attacks/ssh_keep_aliver.py +++ /dev/null 
@@ -1,67 +0,0 @@ -import paramiko -import time -from .base_attack import BaseAttack - -class SSHKeepAliver(BaseAttack): - PACKETS_PER_MINUTE = 5 - TARGET_TOTAL_TIME = 250 - KEEP_ALIVE_INTERVAL = 60 - - def __init__(self, honeypot): - super().__init__(honeypot) - self.client = paramiko.SSHClient() - self.client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) - self.packets_sent = 0 - self.total_time = 0 - - def connect(self): - """ - Establishes an SSH connection with the honeypot. - """ - print("Connecting to the honeypot...") - self.client.connect( - self.honeypot.ip, - port=self.honeypot.port, - username=self.honeypot.username, - password=self.honeypot.password - ) - transport = self.client.get_transport() - transport.set_keepalive(self.KEEP_ALIVE_INTERVAL) - - def send_keep_alive_packets(self): - """ - Sends keep-alive packets at regular intervals to keep the SSH session alive. - """ - print("Sending keep-alive packets...") - session = self.client.invoke_shell() - - try: - start_time = time.time() - while time.time() - start_time < self.TARGET_TOTAL_TIME: - session.send("echo 'keep_alive'\n") - print("Sent keep-alive packet.") - self.packets_sent += 1 - time.sleep(60 / self.PACKETS_PER_MINUTE) - self.total_time = time.time() - start_time - except KeyboardInterrupt: - print("Keyboard interrupt detected. Closing the session...") - session.close() - - def run_attack(self): - """ - Initiates the attack by connecting to the honeypot and sending keep-alive packets. - """ - try: - self.connect() - self.send_keep_alive_packets() - return True, "SSH keep-alive attack successfully maintained the connection.", self.total_time, self.packets_sent - except paramiko.AuthenticationException: - return False, "Authentication failed. 
Check the credentials.", 0, 0 - except paramiko.SSHException as e: - return False, f"An SSH error occurred: {str(e)}", 0, 0 - except paramiko.ssh_exception.NoValidConnectionsError: - return False, "Unable to connect to the SSH server.", 0, 0 - except Exception as e: - return False, f"An error occurred: {str(e)}", 0, 0 - finally: - self.client.close() diff --git a/honeyscanner/active_attacks/tarbombs/bombs_DO_NOT_EXTRACT.zip b/honeyscanner/active_attacks/tarbombs/bombs_DO_NOT_EXTRACT.zip new file mode 100644 index 0000000000000000000000000000000000000000..ea2921bf3f418adc85cc66ac1bcfb15485d1ed1a GIT binary patch literal 2167 zcmWIWW@Zs#00Hyv>0w|7ln`Z5U`Wc(O)8Fe@sIcO4~ch;2nlj@4$%({;bma|?dzKI z2Z$>o4yBYtmHj;yZgW(pEk*PpwIb22txjMS|y6WYofX&wNcTL&( zvLeL>l&48(iyhT*oW1L~P|l)&M_Nt&g1lFB%uK z)yymZDS38X__1||tLFY`-yeRD{SH@t!f$yGj>***O#2RStGE8Ej1slGz2Qx6k&oVt zF4r9~D{{Y@>YTr%%+;C`^1SwE%(b$wQS;1C7H*rhe(~jXp{mw<-5)RbS#hWOh*nhS zT+@e#5B#{SF)Qy`b4gm+#lpZG{?rTSCKraC+Y=w)&Ca2v(D0EL7_^|^MFjjyhN+0S z!gtP1I zl9NR@L@g9mj!3#r=<><#o}}b!V;iTvFmKker5uKzo<2CTQRn!{`PJKZe|>lK`06ju zl0NzS-uRUi$>5-^`t90_sx1zet6H)IR){oC2~y^GAeo?8#(lkT(sz>`CzkGzxOBmM z9rw$hreAXS9$T!*JojW~pVGcJ@{R8mTlx39ZP?~^C8g&g!%~)ud<&oQ?p0baRVh@n z`<7JhN);jV^8Tw|QdV8d{k7v*a{h}Or)L(tdn@yNj_uZ1FUwwtmN|KJ7<|Lx*b<#Q*RLRi-7dRb*YdO3Zq&?|;sZ^5Rg)0>6WH_06T zzougUmOm+feJfJs-#9=dEYR`bUe4O3E4?BV7@r8aSns%Y zEkjF5dFv7;ZRT#Th37ht-2J;u;`Y*vpG&`+)_vKfSCyp|P(62=x9#0;)3(nq z`uXnj63x=pAY~#@@c>C+TV&BR~lb#86x;&Dy z048mAj@oq-zWsp*J0p__Gw!MaqznY!I)X?tD-MViu&M*OYy(vtFtDUC7?%}9S0n-6 z2)jU~C33C?m6kBDr1126D0n6&NtEq|uHUho$5dAIKJiat(6C hf^rQEENR@tg2Q5R^H6{{D;vmoRv@%sVqnk&^8onwB8LC~ literal 0 HcmV?d00001 diff --git a/honeyscanner/core.py b/honeyscanner/core.py index 770109a..c48a916 100644 --- a/honeyscanner/core.py +++ b/honeyscanner/core.py 
@@ -1,4 +1,4 @@
-from honeypots import Cowrie, Kippo
+from honeypots import Cowrie, Kippo, Dionaea
 from passive_attacks import AttackOrchestrator as PassiveAttackOrchestrator
 from active_attacks import AttackOrchestrator as ActiveAttackOrchestrator
 from report_generator import ReportGenerator
@@ -15,7 +15,8 @@ def __init__(self, honeypot_type, honeypot_version, honeypot_ip, honeypot_port,
 def create_honeypot(self, honeypot_type, honeypot_version, honeypot_ip, honeypot_port, honeypot_username, honeypot_password):
 honeypot_class_map = {
 'cowrie': Cowrie,
- 'kippo': Kippo,
+ 'kippo': Kippo,
+ 'dionaea': Dionaea,
 }
 if honeypot_type not in honeypot_class_map:
 supported_honeypots = ', '.join(honeypot_class_map.keys())
@@ -26,6 +27,9 @@ def run_all_attacks(self):
 # Passive attacks
 self.passive_attack_orchestrator.run_attacks()
 self.passive_attack_results = self.passive_attack_orchestrator.generate_report()
+ if (self.honeypot.name == "dionaea"):
+ print("Dionaea does not support active attacks yet, stay tuned for updates! Bye!")
+ return
 # Active attacks
 self.active_attack_orchestrator.run_attacks()
 self.active_attack_results = self.active_attack_orchestrator.generate_report()
diff --git a/honeyscanner/honeypots/__init__.py b/honeyscanner/honeypots/__init__.py
index 358f302..f4542ec 100644
--- a/honeyscanner/honeypots/__init__.py
+++ b/honeyscanner/honeypots/__init__.py
@@ -1,2 +1,3 @@
 from .cowrie import Cowrie
-from .kippo import Kippo
\ No newline at end of file
+from .kippo import Kippo
+from .dionaea import Dionaea
\ No newline at end of file
diff --git a/honeyscanner/honeypots/dionaea.py b/honeyscanner/honeypots/dionaea.py
new file mode 100644
index 0000000..80fcc67
--- /dev/null
+++ b/honeyscanner/honeypots/dionaea.py
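Review bot: In the `run_all_attacks` hunk of core.py, the early `return` for Dionaea leaves `self.active_attack_results` unassigned, because the only visible assignment is the line after the active run. If the constructor (outside the hunk) does not initialise that attribute, a later report step that reads it may raise `AttributeError` or show results from a previous run; assign it before returning, e.g. `self.active_attack_results = "Active attacks skipped: not supported for dionaea"`. Comparing against the literal `"dionaea"` in core.py also duplicates knowledge that belongs to the honeypot class; a capability attribute defined on `Dionaea` and checked here would keep per-honeypot names out of the orchestration code. The body of `run_all_attacks` starts and ends outside the hunk.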
@@ -0,0 +1,29 @@
+from .base_honeypot import BaseHoneypot
+
+class Dionaea(BaseHoneypot):
+ def __init__(self, version, ip, port, username='', password=''):
+ # Dionaee does not have a default username and password
+ if username is None:
+ username = ''
+ if password is None:
+ password = ''
+ super().__init__("dionaea", version, ip, port, username, password)
+
+ def set_source_code_url(self):
+ return "https://github.com/DinoTools/dionaea/archive/refs/tags"
+
+ # I manually inspected the Dockerfile provided from T-pot (https://github.com/telekom-security/tpotce/blob/master/docker/dionaea/Dockerfile)
+ # and I found all the python3 dependencies, then I inspected the date of the last release tag 30 Nov 2020
+ # I could manually create the requirements file for all the versions, it could change just the packages version.
+ # But as there only 3 packages I figured out that is probably not worth the time.
+
+ def set_versions_list(self):
+ return [
+ {
+ "version": "0.11.0",
+ "requirements_url": "https://raw.githubusercontent.com/aristofanischionis/DinoTools-dionaea/main/requirements.txt",
+ }
+ ]
+
+ def set_owner(self):
+ return "DinoTools"
\ No newline at end of file
diff --git a/honeyscanner/main.py b/honeyscanner/main.py
index 3539934..176da15 100644
--- a/honeyscanner/main.py
+++ b/honeyscanner/main.py
@@ -29,8 +29,8 @@ def parse_arguments():
 "--honeypot",
 type=sanitize_string,
 required=True,
- choices=["cowrie", "kippo"],
- help="Honeypot to analyze, currently supported: (cowrie and kippo)",
+ choices=["cowrie", "kippo", "dionaea"],
+ help="Honeypot to analyze, currently supported: (cowrie, kippo and dionaea)",
 )
 parser.add_argument(
 "--honeypot_version",
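Review bot: `requirements_url` in `set_versions_list` of dionaea.py points at the `main` branch of a personal fork rather than the upstream project, so the dependency list that the vulnerability analysis is built on can change without any commit in this repository. The diffstat shows this same commit adds `vuln_analyzer/requirements_files/dionaea-0.11.0-requirements.txt`; reading that vendored file, or replacing `main` in the URL with a fixed `<commit-sha>`, would make the scan reproducible and remove the trust in a mutable remote file. How the analyzer downloads and parses this URL is outside the hunk, so it is worth confirming that the fetch has a timeout and treats the content as data only. The comment `# Dionaee does not have a default username and password` should read `Dionaea`, and the two `is None` checks would benefit from a short comment saying that callers may pass `None` explicitly despite the `''` defaults.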
@@ -88,8 +88,4 @@ def main(): if __name__ == "__main__": main() -# Example run: python3 main.py --honeypot cowrie --honeypot_version 2.5.0 --target_ip 127.0.0.1 --port 2222 --username root --password 1234 -# Example run: python3 main.py --honeypot kippo --honeypot_version 0.9 --target_ip 127.0.0.1 --port 2222 --username root --password 123456 - -# TODO: see again the software exploit module, SUPER SLOW maybe I can somehow speed it up # TODO: fix the report \ No newline at end of file diff --git a/honeyscanner/passive_attacks/container_security_scanner/analysis_results/trivy_scan_results_dionaea.json b/honeyscanner/passive_attacks/container_security_scanner/analysis_results/trivy_scan_results_dionaea.json new file mode 100644 index 0000000..971bef9 --- /dev/null +++ b/honeyscanner/passive_attacks/container_security_scanner/analysis_results/trivy_scan_results_dionaea.json 
@@ -0,0 +1,15743 @@ +[ + { + "Target": "dinotools/dionaea (ubuntu 18.04)", + "Class": "os-pkgs", + "Type": "ubuntu", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2020-27350", + "PkgID": "apt@1.6.12ubuntu0.1", + "PkgName": "apt", + "InstalledVersion": "1.6.12ubuntu0.1", + "FixedVersion": "1.6.12ubuntu0.2", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-27350", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "apt: integer overflows and underflows while parsing .deb packages", + "Description": "APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "V3Score": 5.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2020-27350", + "https://bugs.launchpad.net/bugs/1899193", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27350", + "https://security.netapp.com/advisory/ntap-20210108-0005/", + "https://ubuntu.com/security/notices/USN-4667-1", + "https://ubuntu.com/security/notices/USN-4667-2", + "https://usn.ubuntu.com/usn/usn-4667-1", + "https://www.debian.org/security/2020/dsa-4808" + ], + "PublishedDate": "2020-12-10T04:15:00Z", + 
"LastModifiedDate": "2022-10-29T02:41:00Z" + }, + { + "VulnerabilityID": "CVE-2022-23491", + "PkgID": "ca-certificates@20201027ubuntu0.18.04.1", + "PkgName": "ca-certificates", + "InstalledVersion": "20201027ubuntu0.18.04.1", + "FixedVersion": "20211016ubuntu0.18.04.1", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23491", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "untrusted root certificates", + "Description": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from \"TrustCor\" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. 
Conclusions of Mozilla's investigation can be found in the linked google group discussion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-345" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N", + "V3Score": 6.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-23491", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23491", + "https://github.com/advisories/GHSA-43fp-rhv2-5gv8", + "https://github.com/certifi/python-certifi/commit/9e9e840925d7b8e76c76fdac1fab7e6e88c1c3b8", + "https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8", + "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2022-23491", + "https://ubuntu.com/security/notices/USN-5761-1", + "https://ubuntu.com/security/notices/USN-5761-2", + "https://www.cve.org/CVERecord?id=CVE-2022-23491" + ], + "PublishedDate": "2022-12-07T22:15:00Z", + "LastModifiedDate": "2023-03-24T18:12:00Z" + }, + { + "VulnerabilityID": "CVE-2022-1664", + "PkgID": "dpkg@1.19.0.5ubuntu2.3", + "PkgName": "dpkg", + "InstalledVersion": "1.19.0.5ubuntu2.3", + "FixedVersion": "1.19.0.5ubuntu2.4", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1664", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Dpkg::Source::Archive in dpkg, the Debian package management system, b ...", + "Description": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory 
traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-22" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1664", + "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495", + "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5", + "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b", + "https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be", + "https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html", + "https://lists.debian.org/debian-security-announce/2022/msg00115.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-1664", + "https://security.netapp.com/advisory/ntap-20221007-0002/", + "https://ubuntu.com/security/notices/USN-5446-1", + "https://ubuntu.com/security/notices/USN-5446-2" + ], + "PublishedDate": "2022-05-26T14:15:00Z", + "LastModifiedDate": "2022-12-03T02:19:00Z" + }, + { + "VulnerabilityID": "CVE-2022-1304", + "PkgID": "e2fsprogs@1.44.1-1ubuntu1.3", + "PkgName": "e2fsprogs", + "InstalledVersion": "1.44.1-1ubuntu1.3", + "FixedVersion": "1.44.1-1ubuntu1.4", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1304", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "e2fsprogs: out-of-bounds read/write via crafted 
filesystem", + "Description": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8361", + "https://access.redhat.com/security/cve/CVE-2022-1304", + "https://bugzilla.redhat.com/2069726", + "https://bugzilla.redhat.com/show_bug.cgi?id=2069726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1304", + "https://errata.almalinux.org/9/ALSA-2022-8361.html", + "https://errata.rockylinux.org/RLSA-2022:8361", + "https://linux.oracle.com/cve/CVE-2022-1304.html", + "https://linux.oracle.com/errata/ELSA-2022-8361.html", + "https://marc.info/?l=linux-ext4&m=165056234501732&w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2022-1304", + "https://ubuntu.com/security/notices/USN-5464-1", + "https://www.cve.org/CVERecord?id=CVE-2022-1304" + ], + "PublishedDate": "2022-04-14T21:15:00Z", + "LastModifiedDate": "2023-02-12T22:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-34903", + "PkgID": "gpgv@2.2.4-1ubuntu1.3", + "PkgName": "gpgv", + "InstalledVersion": "2.2.4-1ubuntu1.3", + "FixedVersion": "2.2.4-1ubuntu1.6", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-34903", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Signature spoofing via status line injection", + "Description": "GnuPG through 2.3.6, in unusual 
situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-74" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", + "V2Score": 5.8, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2022/07/02/1", + "https://access.redhat.com/errata/RHSA-2022:6602", + "https://access.redhat.com/security/cve/CVE-2022-34903", + "https://bugs.debian.org/1014157", + "https://bugzilla.redhat.com/2102868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2102868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34903", + "https://dev.gnupg.org/T6027", + "https://errata.almalinux.org/9/ALSA-2022-6602.html", + "https://errata.rockylinux.org/RLSA-2022:6602", + "https://linux.oracle.com/cve/CVE-2022-34903.html", + "https://linux.oracle.com/errata/ELSA-2022-6602.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-34903", + "https://security.netapp.com/advisory/ntap-20220826-0005/", + "https://ubuntu.com/security/notices/USN-5503-1", + "https://ubuntu.com/security/notices/USN-5503-2", + "https://www.cve.org/CVERecord?id=CVE-2022-34903", + 
"https://www.debian.org/security/2022/dsa-5174", + "https://www.openwall.com/lists/oss-security/2022/06/30/1" + ], + "PublishedDate": "2022-07-01T22:15:00Z", + "LastModifiedDate": "2022-09-09T20:40:00Z" + }, + { + "VulnerabilityID": "CVE-2022-1271", + "PkgID": "gzip@1.6-5ubuntu1", + "PkgName": "gzip", + "InstalledVersion": "1.6-5ubuntu1", + "FixedVersion": "1.6-5ubuntu1.2", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1271", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "arbitrary-file-write vulnerability", + "Description": "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. 
This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:4940", + "https://access.redhat.com/security/cve/CVE-2022-1271", + "https://bugzilla.redhat.com/2073310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2073310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271", + "https://errata.almalinux.org/9/ALSA-2022-4940.html", + "https://errata.rockylinux.org/RLSA-2022:4940", + "https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6", + "https://linux.oracle.com/cve/CVE-2022-1271.html", + "https://linux.oracle.com/errata/ELSA-2022-5052.html", + "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-1271", + "https://security-tracker.debian.org/tracker/CVE-2022-1271", + "https://security.gentoo.org/glsa/202209-01", + "https://security.netapp.com/advisory/ntap-20220930-0006/", + "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch", + "https://ubuntu.com/security/notices/USN-5378-1", + "https://ubuntu.com/security/notices/USN-5378-2", + "https://ubuntu.com/security/notices/USN-5378-3", + "https://ubuntu.com/security/notices/USN-5378-4", + "https://www.cve.org/CVERecord?id=CVE-2022-1271", + "https://www.openwall.com/lists/oss-security/2022/04/07/8" + ], + "PublishedDate": "2022-08-31T16:15:00Z", + "LastModifiedDate": "2022-10-07T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2020-27350", + "PkgID": "libapt-pkg5.0@1.6.12ubuntu0.1", + "PkgName": "libapt-pkg5.0", + "InstalledVersion": "1.6.12ubuntu0.1", + "FixedVersion": "1.6.12ubuntu0.2", + "Layer": { + "DiffID": 
"sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-27350", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "apt: integer overflows and underflows while parsing .deb packages", + "Description": "APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "V2Score": 4.6, + "V3Score": 5.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "V3Score": 5.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2020-27350", + "https://bugs.launchpad.net/bugs/1899193", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27350", + "https://security.netapp.com/advisory/ntap-20210108-0005/", + "https://ubuntu.com/security/notices/USN-4667-1", + "https://ubuntu.com/security/notices/USN-4667-2", + "https://usn.ubuntu.com/usn/usn-4667-1", + "https://www.debian.org/security/2020/dsa-4808" + ], + "PublishedDate": "2020-12-10T04:15:00Z", + "LastModifiedDate": "2022-10-29T02:41:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16860", + "PkgID": "libasn1-8-heimdal@7.5.0+dfsg-1", + "PkgName": "libasn1-8-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.1", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + 
}, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16860", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "samba: S4U2Self with unkeyed checksum", + "Description": "A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-358" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html", + "http://seclists.org/fulldisclosure/2019/Aug/11", + "http://seclists.org/fulldisclosure/2019/Aug/13", + "http://seclists.org/fulldisclosure/2019/Aug/14", + "http://seclists.org/fulldisclosure/2019/Aug/15", + "https://access.redhat.com/security/cve/CVE-2018-16860", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16860", + "https://nvd.nist.gov/vuln/detail/CVE-2018-16860", + "https://seclists.org/bugtraq/2019/Aug/21", + "https://seclists.org/bugtraq/2019/Aug/22", + "https://seclists.org/bugtraq/2019/Aug/23", + "https://seclists.org/bugtraq/2019/Aug/25", + "https://security.gentoo.org/glsa/202003-52", + "https://support.apple.com/HT210346", + "https://support.apple.com/HT210348", + "https://support.apple.com/HT210351", + "https://support.apple.com/HT210353", + 
"https://ubuntu.com/security/notices/USN-3976-1", + "https://ubuntu.com/security/notices/USN-3976-2", + "https://ubuntu.com/security/notices/USN-5675-1", + "https://www.cve.org/CVERecord?id=CVE-2018-16860", + "https://www.samba.org/samba/security/CVE-2018-16860.html", + "https://www.synology.com/security/advisory/Synology_SA_19_23" + ], + "PublishedDate": "2019-07-31T15:15:00Z", + "LastModifiedDate": "2019-08-14T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-44758", + "PkgID": "libasn1-8-heimdal@7.5.0+dfsg-1", + "PkgName": "libasn1-8-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.3", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-44758", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ...", + "Description": "Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758", + "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580", + "https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv", + "https://nvd.nist.gov/vuln/detail/CVE-2021-44758", + "https://ubuntu.com/security/notices/USN-5800-1" + ], + "PublishedDate": "2022-12-26T05:15:00Z", + "LastModifiedDate": "2023-01-05T02:50:00Z" + }, + { + "VulnerabilityID": "CVE-2022-3116", + "PkgID": "libasn1-8-heimdal@7.5.0+dfsg-1", + "PkgName": 
"libasn1-8-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.1", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3116", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Description": "The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3116", + "https://kb.cert.org/vuls/id/730793", + "https://security.netapp.com/advisory/ntap-20230505-0010/", + "https://ubuntu.com/security/notices/USN-5675-1", + "https://www.kb.cert.org/vuls/id/730793" + ], + "PublishedDate": "2023-03-27T22:15:00Z", + "LastModifiedDate": "2023-05-05T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-3437", + "PkgID": "libasn1-8-heimdal@7.5.0+dfsg-1", + "PkgName": "libasn1-8-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.3", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3437", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal", + "Description": "A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. 
The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787", + "CWE-122" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/02/08/1", + "https://access.redhat.com/security/cve/CVE-2022-3437", + "https://bugzilla.redhat.com/show_bug.cgi?id=2137774", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437", + "https://github.com/heimdal/heimdal/security/advisories/GHSA-45j3-5v39-rf9j", + "https://nvd.nist.gov/vuln/detail/CVE-2022-3437", + "https://security.netapp.com/advisory/ntap-20230216-0008/", + "https://ubuntu.com/security/notices/USN-5800-1", + "https://ubuntu.com/security/notices/USN-5822-1", + "https://ubuntu.com/security/notices/USN-5822-2", + "https://ubuntu.com/security/notices/USN-5936-1", + "https://www.cve.org/CVERecord?id=CVE-2022-3437", + "https://www.samba.org/samba/security/CVE-2022-3437.html" + ], + "PublishedDate": "2023-01-12T15:15:00Z", + "LastModifiedDate": "2023-02-16T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41916", + "PkgID": "libasn1-8-heimdal@7.5.0+dfsg-1", + "PkgName": "libasn1-8-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.2", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41916", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": 
"https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ...", + "Description": "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-193" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916", + "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx", + "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41916", + "https://security.netapp.com/advisory/ntap-20230216-0008/", + "https://ubuntu.com/security/notices/USN-5766-1", + "https://www.debian.org/security/2022/dsa-5287" + ], + "PublishedDate": "2022-11-15T23:15:00Z", + "LastModifiedDate": "2023-02-16T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-42898", + "PkgID": "libasn1-8-heimdal@7.5.0+dfsg-1", + "PkgName": "libasn1-8-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.3", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-42898", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "integer overflow vulnerabilities in PAC parsing", + "Description": "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may 
lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8637", + "https://access.redhat.com/security/cve/CVE-2022-42898", + "https://bugzilla.redhat.com/2140960", + "https://bugzilla.redhat.com/show_bug.cgi?id=2140960", + "https://bugzilla.samba.org/show_bug.cgi?id=15203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898", + "https://errata.almalinux.org/9/ALSA-2022-8637.html", + "https://errata.rockylinux.org/RLSA-2022:8637", + "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c", + "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583", + "https://linux.oracle.com/cve/CVE-2022-42898.html", + "https://linux.oracle.com/errata/ELSA-2023-12104.html", + "https://mailman.mit.edu/pipermail/krbdev/2022-November/013576.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-42898", + "https://security.netapp.com/advisory/ntap-20230216-0008/", + "https://security.netapp.com/advisory/ntap-20230223-0001/", + "https://ubuntu.com/security/notices/USN-5800-1", + "https://ubuntu.com/security/notices/USN-5822-1", + "https://ubuntu.com/security/notices/USN-5822-2", + "https://ubuntu.com/security/notices/USN-5828-1", + "https://ubuntu.com/security/notices/USN-5936-1", + "https://web.mit.edu/kerberos/advisories/", + "https://web.mit.edu/kerberos/krb5-1.19/", + "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt", + 
"https://www.cve.org/CVERecord?id=CVE-2022-42898", + "https://www.samba.org/samba/security/CVE-2022-42898.html" + ], + "PublishedDate": "2022-12-25T06:15:00Z", + "LastModifiedDate": "2023-02-23T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-44640", + "PkgID": "libasn1-8-heimdal@7.5.0+dfsg-1", + "PkgName": "libasn1-8-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.3", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-44640", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ...", + "Description": "Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640", + "https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4", + "https://nvd.nist.gov/vuln/detail/CVE-2022-44640", + "https://security.netapp.com/advisory/ntap-20230216-0008/", + "https://ubuntu.com/security/notices/USN-5800-1" + ], + "PublishedDate": "2022-12-25T05:15:00Z", + "LastModifiedDate": "2023-05-16T11:03:00Z" + }, + { + "VulnerabilityID": "CVE-2022-45142", + "PkgID": "libasn1-8-heimdal@7.5.0+dfsg-1", + "PkgName": "libasn1-8-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.4", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-45142", + "DataSource": { + "ID": 
"ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "samba: CVE-2022-3437 fix introduced a logic inversion", + "Description": "The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding \"!= 0\" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-354" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-45142", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45142", + "https://nvd.nist.gov/vuln/detail/CVE-2022-45142", + "https://ubuntu.com/security/notices/USN-5849-1", + "https://www.cve.org/CVERecord?id=CVE-2022-45142", + "https://www.openwall.com/lists/oss-security/2023/02/08/1" + ], + "PublishedDate": "2023-03-06T23:15:00Z", + "LastModifiedDate": "2023-03-13T18:02:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3999", + "PkgID": "libc-bin@2.27-3ubuntu1.3", + "PkgName": "libc-bin", + "InstalledVersion": "2.27-3ubuntu1.3", + "FixedVersion": "2.27-3ubuntu1.5", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3999", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Off-by-one buffer overflow/underflow in getcwd()", + "Description": "A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. 
A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-193" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3999.json", + "https://access.redhat.com/security/cve/CVE-2021-3999", + "https://bugzilla.redhat.com/show_bug.cgi?id=2024637", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3999", + "https://linux.oracle.com/cve/CVE-2021-3999.html", + "https://linux.oracle.com/errata/ELSA-2022-9234.html", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3999", + "https://security-tracker.debian.org/tracker/CVE-2021-3999", + "https://security.netapp.com/advisory/ntap-20221104-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28769", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e", + "https://ubuntu.com/security/notices/USN-5310-1", + "https://ubuntu.com/security/notices/USN-5310-2", + "https://www.cve.org/CVERecord?id=CVE-2021-3999", + "https://www.openwall.com/lists/oss-security/2022/01/24/4" + ], + "PublishedDate": "2022-08-24T16:15:00Z", + "LastModifiedDate": "2023-02-12T23:43:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3999", + "PkgID": "libc6@2.27-3ubuntu1.3", + "PkgName": "libc6", + "InstalledVersion": "2.27-3ubuntu1.3", + "FixedVersion": "2.27-3ubuntu1.5", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3999", + "DataSource": { + "ID": "ubuntu", + "Name": 
"Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Off-by-one buffer overflow/underflow in getcwd()", + "Description": "A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-193" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3999.json", + "https://access.redhat.com/security/cve/CVE-2021-3999", + "https://bugzilla.redhat.com/show_bug.cgi?id=2024637", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3999", + "https://linux.oracle.com/cve/CVE-2021-3999.html", + "https://linux.oracle.com/errata/ELSA-2022-9234.html", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3999", + "https://security-tracker.debian.org/tracker/CVE-2021-3999", + "https://security.netapp.com/advisory/ntap-20221104-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28769", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e", + "https://ubuntu.com/security/notices/USN-5310-1", + "https://ubuntu.com/security/notices/USN-5310-2", + "https://www.cve.org/CVERecord?id=CVE-2021-3999", + "https://www.openwall.com/lists/oss-security/2022/01/24/4" + ], + "PublishedDate": "2022-08-24T16:15:00Z", + "LastModifiedDate": "2023-02-12T23:43:00Z" + }, + { + "VulnerabilityID": "CVE-2022-1304", + "PkgID": "libcom-err2@1.44.1-1ubuntu1.3", + "PkgName": 
"libcom-err2", + "InstalledVersion": "1.44.1-1ubuntu1.3", + "FixedVersion": "1.44.1-1ubuntu1.4", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1304", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "e2fsprogs: out-of-bounds read/write via crafted filesystem", + "Description": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8361", + "https://access.redhat.com/security/cve/CVE-2022-1304", + "https://bugzilla.redhat.com/2069726", + "https://bugzilla.redhat.com/show_bug.cgi?id=2069726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1304", + "https://errata.almalinux.org/9/ALSA-2022-8361.html", + "https://errata.rockylinux.org/RLSA-2022:8361", + "https://linux.oracle.com/cve/CVE-2022-1304.html", + "https://linux.oracle.com/errata/ELSA-2022-8361.html", + "https://marc.info/?l=linux-ext4&m=165056234501732&w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2022-1304", + "https://ubuntu.com/security/notices/USN-5464-1", + "https://www.cve.org/CVERecord?id=CVE-2022-1304" + ], + "PublishedDate": "2022-04-14T21:15:00Z", + "LastModifiedDate": "2023-02-12T22:15:00Z" + }, + { + "VulnerabilityID": "CVE-2020-8285", + "PkgID": "libcurl4@7.58.0-2ubuntu3.10", + "PkgName": "libcurl4", + "InstalledVersion": 
"7.58.0-2ubuntu3.10", + "FixedVersion": "7.58.0-2ubuntu3.12", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-8285", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used", + "Description": "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787", + "CWE-674" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2021/Apr/51", + "https://access.redhat.com/security/cve/CVE-2020-8285", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://curl.se/docs/CVE-2020-8285.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285", + "https://github.com/curl/curl/issues/6255", + "https://hackerone.com/reports/1045844", + "https://linux.oracle.com/cve/CVE-2020-8285.html", + "https://linux.oracle.com/errata/ELSA-2021-1610.html", + "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", + "https://nvd.nist.gov/vuln/detail/CVE-2020-8285", + "https://security.gentoo.org/glsa/202012-14", + "https://security.netapp.com/advisory/ntap-20210122-0007/", + "https://support.apple.com/kb/HT212325", + "https://support.apple.com/kb/HT212326", + "https://support.apple.com/kb/HT212327", + "https://ubuntu.com/security/notices/USN-4665-1", + "https://ubuntu.com/security/notices/USN-4665-2", + "https://www.cve.org/CVERecord?id=CVE-2020-8285", + "https://www.debian.org/security/2021/dsa-4881", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://www.oracle.com/security-alerts/cpuApr2021.html", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujan2022.html" + ], + "PublishedDate": "2020-12-14T20:15:00Z", + "LastModifiedDate": "2022-05-13T20:58:00Z" + }, + { + "VulnerabilityID": "CVE-2020-8286", + "PkgID": "libcurl4@7.58.0-2ubuntu3.10", + "PkgName": "libcurl4", + "InstalledVersion": "7.58.0-2ubuntu3.10", + "FixedVersion": "7.58.0-2ubuntu3.12", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-8286", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "curl: Inferior OCSP verification", + "Description": "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + 
"V3Score": 7.4 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2021/Apr/50", + "http://seclists.org/fulldisclosure/2021/Apr/51", + "http://seclists.org/fulldisclosure/2021/Apr/54", + "https://access.redhat.com/security/cve/CVE-2020-8286", + "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://curl.se/docs/CVE-2020-8286.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286", + "https://hackerone.com/reports/1048457", + "https://linux.oracle.com/cve/CVE-2020-8286.html", + "https://linux.oracle.com/errata/ELSA-2021-1610.html", + "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", + "https://nvd.nist.gov/vuln/detail/CVE-2020-8286", + "https://security.gentoo.org/glsa/202012-14", + "https://security.netapp.com/advisory/ntap-20210122-0007/", + "https://support.apple.com/kb/HT212325", + "https://support.apple.com/kb/HT212326", + "https://support.apple.com/kb/HT212327", + "https://ubuntu.com/security/notices/USN-4665-1", + "https://www.cve.org/CVERecord?id=CVE-2020-8286", + "https://www.debian.org/security/2021/dsa-4881", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://www.oracle.com/security-alerts/cpuApr2021.html", + "https://www.oracle.com/security-alerts/cpuapr2022.html" + ], + "PublishedDate": "2020-12-14T20:15:00Z", + "LastModifiedDate": "2022-05-13T20:50:00Z" + }, + { + "VulnerabilityID": "CVE-2021-22876", + "PkgID": "libcurl4@7.58.0-2ubuntu3.10", + "PkgName": "libcurl4", + "InstalledVersion": "7.58.0-2ubuntu3.10", + "FixedVersion": "7.58.0-2ubuntu3.13", + "Layer": { + "DiffID": 
"sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-22876", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "curl: Leak of authentication credentials in URL via automatic Referer", + "Description": "curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-200" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-22876", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://curl.se/docs/CVE-2021-22876.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876", + "https://errata.almalinux.org/8/ALSA-2021-4511.html", + "https://hackerone.com/reports/1101882", + "https://linux.oracle.com/cve/CVE-2021-22876.html", + "https://linux.oracle.com/errata/ELSA-2021-4511.html", + "https://lists.debian.org/debian-lts-announce/2021/05/msg00019.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZC5BMIOKLBQJSFCHEDN2G2C2SH274BP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITVWPVGLFISU5BJC2BXBRYSDXTXE2YGC/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQUIOYX2KUU6FIUZVB5WWZ6JHSSYSQWJ/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-22876", + "https://security.gentoo.org/glsa/202105-36", + "https://security.netapp.com/advisory/ntap-20210521-0007/", + "https://ubuntu.com/security/notices/USN-4898-1", + "https://ubuntu.com/security/notices/USN-4903-1", + "https://www.cve.org/CVERecord?id=CVE-2021-22876", + "https://www.oracle.com//security-alerts/cpujul2021.html" + ], + "PublishedDate": "2021-04-01T18:15:00Z", + "LastModifiedDate": "2022-04-06T16:19:00Z" + }, + { + "VulnerabilityID": "CVE-2021-22924", + "PkgID": "libcurl4@7.58.0-2ubuntu3.10", + "PkgName": "libcurl4", + "InstalledVersion": "7.58.0-2ubuntu3.10", + "FixedVersion": "7.58.0-2ubuntu3.14", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-22924", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "curl: Bad connection reuse due to flawed path name checks", + "Description": "libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-706" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 
4.3, + "V3Score": 3.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-22924", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", + "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf", + "https://curl.se/docs/CVE-2021-22924.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924", + "https://hackerone.com/reports/1223565", + "https://linux.oracle.com/cve/CVE-2021-22924.html", + "https://linux.oracle.com/errata/ELSA-2021-3582.html", + "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E", + "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-22924", + "https://security.netapp.com/advisory/ntap-20210902-0003/", + "https://ubuntu.com/security/notices/USN-5021-1", + "https://www.cve.org/CVERecord?id=CVE-2021-22924", + "https://www.debian.org/security/2022/dsa-5197", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-08-05T21:15:00Z", + "LastModifiedDate": "2022-10-28T19:12:00Z" + }, + { + "VulnerabilityID": "CVE-2021-22925", + 
"PkgID": "libcurl4@7.58.0-2ubuntu3.10", + "PkgName": "libcurl4", + "InstalledVersion": "7.58.0-2ubuntu3.10", + "FixedVersion": "7.58.0-2ubuntu3.14", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-22925", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure", + "Description": "curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-908" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "V3Score": 3.1 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2021/Sep/39", + "http://seclists.org/fulldisclosure/2021/Sep/40", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22925.json", + "https://access.redhat.com/security/cve/CVE-2021-22925", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", + "https://curl.se/docs/CVE-2021-22925.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22925", + 
"https://errata.almalinux.org/8/ALSA-2021-4511.html", + "https://hackerone.com/reports/1223882", + "https://linux.oracle.com/cve/CVE-2021-22925.html", + "https://linux.oracle.com/errata/ELSA-2021-4511.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-22925", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20210902-0003/", + "https://support.apple.com/kb/HT212804", + "https://support.apple.com/kb/HT212805", + "https://ubuntu.com/security/notices/USN-5021-1", + "https://ubuntu.com/security/notices/USN-5021-2", + "https://ubuntu.com/security/notices/USN-5894-1", + "https://www.cve.org/CVERecord?id=CVE-2021-22925", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-08-05T21:15:00Z", + "LastModifiedDate": "2023-01-05T18:20:00Z" + }, + { + "VulnerabilityID": "CVE-2021-22946", + "PkgID": "libcurl4@7.58.0-2ubuntu3.10", + "PkgName": "libcurl4", + "InstalledVersion": "7.58.0-2ubuntu3.10", + "FixedVersion": "7.58.0-2ubuntu3.15", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-22946", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols", + "Description": "A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). 
This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-319" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Mar/29", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22946.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22947.json", + "https://access.redhat.com/security/cve/CVE-2021-22946", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://curl.se/docs/CVE-2021-22946.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946", + "https://hackerone.com/reports/1334111", + "https://linux.oracle.com/cve/CVE-2021-22946.html", + "https://linux.oracle.com/errata/ELSA-2021-4059.html", + "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-22946", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20211029-0003/", + "https://security.netapp.com/advisory/ntap-20220121-0008/", + "https://support.apple.com/kb/HT213183", + "https://ubuntu.com/security/notices/USN-5079-1", + 
"https://ubuntu.com/security/notices/USN-5079-2", + "https://www.cve.org/CVERecord?id=CVE-2021-22946", + "https://www.debian.org/security/2022/dsa-5197", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpujul2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-09-29T20:15:00Z", + "LastModifiedDate": "2023-01-05T18:24:00Z" + }, + { + "VulnerabilityID": "CVE-2021-22947", + "PkgID": "libcurl4@7.58.0-2ubuntu3.10", + "PkgName": "libcurl4", + "InstalledVersion": "7.58.0-2ubuntu3.10", + "FixedVersion": "7.58.0-2ubuntu3.15", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-22947", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "curl: Server responses received before STARTTLS processed after TLS handshake", + "Description": "When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. 
curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-345" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Mar/29", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22946.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22947.json", + "https://access.redhat.com/security/cve/CVE-2021-22947", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://curl.se/docs/CVE-2021-22947.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947", + "https://hackerone.com/reports/1334763", + "https://launchpad.net/bugs/1944120 (regression bug)", + "https://linux.oracle.com/cve/CVE-2021-22947.html", + "https://linux.oracle.com/errata/ELSA-2021-4059.html", + "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-22947", + "https://security.gentoo.org/glsa/202212-01", + 
"https://security.netapp.com/advisory/ntap-20211029-0003/", + "https://support.apple.com/kb/HT213183", + "https://ubuntu.com/security/notices/USN-5079-1", + "https://ubuntu.com/security/notices/USN-5079-2", + "https://ubuntu.com/security/notices/USN-5079-3", + "https://ubuntu.com/security/notices/USN-5079-4", + "https://www.cve.org/CVERecord?id=CVE-2021-22947", + "https://www.debian.org/security/2022/dsa-5197", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpujul2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-09-29T20:15:00Z", + "LastModifiedDate": "2023-01-05T18:25:00Z" + }, + { + "VulnerabilityID": "CVE-2022-22576", + "PkgID": "libcurl4@7.58.0-2ubuntu3.10", + "PkgName": "libcurl4", + "InstalledVersion": "7.58.0-2ubuntu3.10", + "FixedVersion": "7.58.0-2ubuntu3.17", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-22576", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "curl: OAUTH2 bearer bypass in connection re-use", + "Description": "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. 
This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-306" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V2Score": 5.5, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:5313", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json", + "https://access.redhat.com/security/cve/CVE-2022-22576", + "https://bugzilla.redhat.com/2077541", + "https://bugzilla.redhat.com/2077547", + "https://bugzilla.redhat.com/2078408", + "https://bugzilla.redhat.com/2082215", + "https://curl.se/docs/CVE-2022-22576.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576", + "https://errata.almalinux.org/8/ALSA-2022-5313.html", + "https://hackerone.com/reports/1526328", + "https://linux.oracle.com/cve/CVE-2022-22576.html", + "https://linux.oracle.com/errata/ELSA-2022-5313.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-22576", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220609-0008/", + "https://ubuntu.com/security/notices/USN-5397-1", + "https://www.cve.org/CVERecord?id=CVE-2022-22576", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-05-26T17:15:00Z", + "LastModifiedDate": "2023-07-24T13:31:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27774", + "PkgID": "libcurl4@7.58.0-2ubuntu3.10", + "PkgName": "libcurl4", + "InstalledVersion": "7.58.0-2ubuntu3.10", + 
"FixedVersion": "7.58.0-2ubuntu3.17", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27774", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "curl: credential leak on redirect", + "Description": "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-522" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "V2Score": 3.5, + "V3Score": 5.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:5313", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json", + "https://access.redhat.com/security/cve/CVE-2022-27774", + "https://bugzilla.redhat.com/2077541", + "https://bugzilla.redhat.com/2077547", + "https://bugzilla.redhat.com/2078408", + "https://bugzilla.redhat.com/2082215", + "https://curl.se/docs/CVE-2022-27774.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774", + "https://errata.almalinux.org/8/ALSA-2022-5313.html", + "https://hackerone.com/reports/1543773", + "https://linux.oracle.com/cve/CVE-2022-27774.html", + 
"https://linux.oracle.com/errata/ELSA-2022-5313.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27774", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220609-0008/", + "https://ubuntu.com/security/notices/USN-5397-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27774", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-06-02T14:15:00Z", + "LastModifiedDate": "2023-02-23T17:59:00Z" + }, + { + "VulnerabilityID": "CVE-2022-27782", + "PkgID": "libcurl4@7.58.0-2ubuntu3.10", + "PkgName": "libcurl4", + "InstalledVersion": "7.58.0-2ubuntu3.10", + "FixedVersion": "7.58.0-2ubuntu3.18", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27782", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "TLS and SSH connection too eager reuse", + "Description": "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. 
However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/03/20/6", + "https://access.redhat.com/errata/RHSA-2022:5313", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json", + "https://access.redhat.com/security/cve/CVE-2022-27782", + "https://bugzilla.redhat.com/2077541", + "https://bugzilla.redhat.com/2077547", + "https://bugzilla.redhat.com/2078408", + "https://bugzilla.redhat.com/2082215", + "https://curl.se/docs/CVE-2022-27782.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782", + "https://errata.almalinux.org/8/ALSA-2022-5313.html", + "https://hackerone.com/reports/1555796", + "https://linux.oracle.com/cve/CVE-2022-27782.html", + "https://linux.oracle.com/errata/ELSA-2022-5313.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27782", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220609-0009/", + "https://ubuntu.com/security/notices/USN-5412-1", + "https://www.cve.org/CVERecord?id=CVE-2022-27782", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-06-02T14:15:00Z", + "LastModifiedDate": "2023-03-20T09:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32206", + "PkgID": 
"libcurl4@7.58.0-2ubuntu3.10", + "PkgName": "libcurl4", + "InstalledVersion": "7.58.0-2ubuntu3.10", + "FixedVersion": "7.58.0-2ubuntu3.19", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32206", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "HTTP compression denial of service", + "Description": "curl < 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Oct/28", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "http://www.openwall.com/lists/oss-security/2023/02/15/3", + "https://access.redhat.com/errata/RHSA-2022:6157", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json", + "https://access.redhat.com/security/cve/CVE-2022-32206", + "https://bugzilla.redhat.com/2099300", + "https://bugzilla.redhat.com/2099305", + "https://bugzilla.redhat.com/2099306", + 
"https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", + "https://curl.se/docs/CVE-2022-32206.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206", + "https://errata.almalinux.org/9/ALSA-2022-6157.html", + "https://hackerone.com/reports/1570651", + "https://linux.oracle.com/cve/CVE-2022-32206.html", + "https://linux.oracle.com/errata/ELSA-2022-6159.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32206", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220915-0003/", + "https://support.apple.com/kb/HT213488", + "https://ubuntu.com/security/notices/USN-5495-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32206", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-07-07T13:15:00Z", + "LastModifiedDate": "2023-02-15T10:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32208", + "PkgID": "libcurl4@7.58.0-2ubuntu3.10", + "PkgName": "libcurl4", + "InstalledVersion": "7.58.0-2ubuntu3.10", + "FixedVersion": "7.58.0-2ubuntu3.19", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32208", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "FTP-KRB bad message verification", + "Description": "When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. 
This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Oct/28", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "https://access.redhat.com/errata/RHSA-2022:6157", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json", + "https://access.redhat.com/security/cve/CVE-2022-32208", + "https://bugzilla.redhat.com/2099300", + "https://bugzilla.redhat.com/2099305", + "https://bugzilla.redhat.com/2099306", + "https://curl.se/docs/CVE-2022-32208.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208", + "https://errata.almalinux.org/9/ALSA-2022-6157.html", + "https://hackerone.com/reports/1590071", + "https://linux.oracle.com/cve/CVE-2022-32208.html", + "https://linux.oracle.com/errata/ELSA-2022-6159.html", + "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32208", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20220915-0003/", + "https://support.apple.com/kb/HT213488", + "https://ubuntu.com/security/notices/USN-5495-1", + "https://ubuntu.com/security/notices/USN-5499-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32208", + "https://www.debian.org/security/2022/dsa-5197" + ], + "PublishedDate": "2022-07-07T13:15:00Z", + "LastModifiedDate": 
"2023-01-05T17:43:00Z" + }, + { + "VulnerabilityID": "CVE-2022-32221", + "PkgID": "libcurl4@7.58.0-2ubuntu3.10", + "PkgName": "libcurl4", + "InstalledVersion": "7.58.0-2ubuntu3.10", + "FixedVersion": "7.58.0-2ubuntu3.21", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32221", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "POST following PUT confusion", + "Description": "When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. 
The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-668" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2023/Jan/19", + "http://seclists.org/fulldisclosure/2023/Jan/20", + "http://www.openwall.com/lists/oss-security/2023/05/17/4", + "https://access.redhat.com/errata/RHSA-2023:0333", + "https://access.redhat.com/security/cve/CVE-2022-32221", + "https://bugzilla.redhat.com/2135411", + "https://bugzilla.redhat.com/show_bug.cgi?id=2135411", + "https://curl.se/docs/CVE-2022-32221.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32221", + "https://errata.almalinux.org/9/ALSA-2023-0333.html", + "https://errata.rockylinux.org/RLSA-2023:0333", + "https://hackerone.com/reports/1704017", + "https://linux.oracle.com/cve/CVE-2022-32221.html", + "https://linux.oracle.com/errata/ELSA-2023-0333.html", + "https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32221", + "https://security.gentoo.org/glsa/202212-01", + "https://security.netapp.com/advisory/ntap-20230110-0006/", + "https://security.netapp.com/advisory/ntap-20230208-0002/", + "https://support.apple.com/kb/HT213604", + "https://support.apple.com/kb/HT213605", + "https://ubuntu.com/security/notices/USN-5702-1", + "https://ubuntu.com/security/notices/USN-5702-2", + "https://ubuntu.com/security/notices/USN-5823-1", + "https://www.cve.org/CVERecord?id=CVE-2022-32221", + "https://www.debian.org/security/2023/dsa-5330" + ], + "PublishedDate": "2022-12-05T22:15:00Z", + "LastModifiedDate": "2023-05-17T09:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-43552", + "PkgID": "libcurl4@7.58.0-2ubuntu3.10", + "PkgName": "libcurl4", + "InstalledVersion": 
"7.58.0-2ubuntu3.10", + "FixedVersion": "7.58.0-2ubuntu3.22", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-43552", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Use-after-free triggered by an HTTP proxy deny response", + "Description": "A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2023/Mar/17", + "https://access.redhat.com/errata/RHSA-2023:2478", + "https://access.redhat.com/security/cve/CVE-2022-43552", + "https://bugzilla.redhat.com/2120718", + "https://bugzilla.redhat.com/2152652", + "https://curl.se/docs/CVE-2022-43552.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43552", + "https://errata.almalinux.org/9/ALSA-2023-2478.html", + "https://hackerone.com/reports/1764858", + "https://linux.oracle.com/cve/CVE-2022-43552.html", + "https://linux.oracle.com/errata/ELSA-2023-2963.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-43552", + "https://security.netapp.com/advisory/ntap-20230214-0002/", + "https://support.apple.com/kb/HT213670", + "https://ubuntu.com/security/notices/USN-5788-1", + "https://ubuntu.com/security/notices/USN-5894-1", + 
"https://www.cve.org/CVERecord?id=CVE-2022-43552" + ], + "PublishedDate": "2023-02-09T20:15:00Z", + "LastModifiedDate": "2023-03-28T05:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-23916", + "PkgID": "libcurl4@7.58.0-2ubuntu3.10", + "PkgName": "libcurl4", + "InstalledVersion": "7.58.0-2ubuntu3.10", + "FixedVersion": "7.58.0-2ubuntu3.23", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-23916", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "HTTP multi-header compression denial of service", + "Description": "An allocation of resources without limits or throttling vulnerability exists in curl bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2021/May/64", + "http://seclists.org/fulldisclosure/2021/May/65", + "http://seclists.org/fulldisclosure/2021/May/70", + "https://access.redhat.com/security/cve/CVE-2020-36226", + "https://bugs.openldap.org/show_bug.cgi?id=9413", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36226", + "https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65", + "https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26", + "https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439", + "https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8", + 
"https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57", + "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-36226", + "https://security.netapp.com/advisory/ntap-20210226-0002/", + "https://support.apple.com/kb/HT212529", + "https://support.apple.com/kb/HT212530", + "https://support.apple.com/kb/HT212531", + "https://ubuntu.com/security/notices/USN-4724-1", + "https://www.cve.org/CVERecord?id=CVE-2020-36226", + "https://www.debian.org/security/2021/dsa-4845" + ], + "PublishedDate": "2021-01-26T18:15:00Z", + "LastModifiedDate": "2022-04-13T16:24:00Z" + }, + { + "VulnerabilityID": "CVE-2020-36227", + "PkgID": "libldap-2.4-2@2.4.45+dfsg-1ubuntu1.8", + "PkgName": "libldap-2.4-2", + "InstalledVersion": "2.4.45+dfsg-1ubuntu1.8", + "FixedVersion": "2.4.45+dfsg-1ubuntu1.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36227", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openldap: Infinite loop in slapd with the cancel_extop Cancel operation", + "Description": "A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2021/May/64", + "http://seclists.org/fulldisclosure/2021/May/65", + "http://seclists.org/fulldisclosure/2021/May/70", + "https://access.redhat.com/security/cve/CVE-2020-36227", + "https://bugs.openldap.org/show_bug.cgi?id=9428", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36227", + "https://git.openldap.org/openldap/openldap/-/commit/9d0e8485f3113505743baabf1167e01e4558ccf5", + "https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57", + "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-36227", + "https://security.netapp.com/advisory/ntap-20210226-0002/", + "https://support.apple.com/kb/HT212529", + "https://support.apple.com/kb/HT212530", + "https://support.apple.com/kb/HT212531", + "https://ubuntu.com/security/notices/USN-4724-1", + "https://www.cve.org/CVERecord?id=CVE-2020-36227", + "https://www.debian.org/security/2021/dsa-4845" + ], + "PublishedDate": "2021-01-26T18:15:00Z", + "LastModifiedDate": "2022-04-13T16:25:00Z" + }, + { + "VulnerabilityID": "CVE-2020-36228", + "PkgID": "libldap-2.4-2@2.4.45+dfsg-1ubuntu1.8", + "PkgName": "libldap-2.4-2", + "InstalledVersion": "2.4.45+dfsg-1ubuntu1.8", + "FixedVersion": "2.4.45+dfsg-1ubuntu1.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36228", + "DataSource": { + "ID": 
"ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openldap: Integer underflow in issuerAndThisUpdateCheck in schema_init.c", + "Description": "An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-191" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2021/May/64", + "http://seclists.org/fulldisclosure/2021/May/65", + "http://seclists.org/fulldisclosure/2021/May/70", + "https://access.redhat.com/security/cve/CVE-2020-36228", + "https://bugs.openldap.org/show_bug.cgi?id=9427", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36228", + "https://git.openldap.org/openldap/openldap/-/commit/91dccd25c347733b365adc74cb07d074512ed5ad", + "https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57", + "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-36228", + "https://security.netapp.com/advisory/ntap-20210226-0002/", + "https://support.apple.com/kb/HT212529", + "https://support.apple.com/kb/HT212530", + "https://support.apple.com/kb/HT212531", + "https://ubuntu.com/security/notices/USN-4724-1", + "https://www.cve.org/CVERecord?id=CVE-2020-36228", + "https://www.debian.org/security/2021/dsa-4845" + ], + "PublishedDate": 
"2021-01-26T18:15:00Z", + "LastModifiedDate": "2022-04-13T16:36:00Z" + }, + { + "VulnerabilityID": "CVE-2020-36229", + "PkgID": "libldap-2.4-2@2.4.45+dfsg-1ubuntu1.8", + "PkgName": "libldap-2.4-2", + "InstalledVersion": "2.4.45+dfsg-1ubuntu1.8", + "FixedVersion": "2.4.45+dfsg-1ubuntu1.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36229", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openldap: Type confusion in ad_keystring in ad.c", + "Description": "A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-843" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2021/May/64", + "http://seclists.org/fulldisclosure/2021/May/65", + "http://seclists.org/fulldisclosure/2021/May/70", + "https://access.redhat.com/security/cve/CVE-2020-36229", + "https://bugs.openldap.org/show_bug.cgi?id=9425", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36229", + "https://git.openldap.org/openldap/openldap/-/commit/4bdfffd2889c0c5cdf58bebafbdc8fce4bb2bff0", + "https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57", + "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + 
"https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-36229", + "https://security.netapp.com/advisory/ntap-20210226-0002/", + "https://support.apple.com/kb/HT212529", + "https://support.apple.com/kb/HT212530", + "https://support.apple.com/kb/HT212531", + "https://ubuntu.com/security/notices/USN-4724-1", + "https://www.cve.org/CVERecord?id=CVE-2020-36229", + "https://www.debian.org/security/2021/dsa-4845" + ], + "PublishedDate": "2021-01-26T18:15:00Z", + "LastModifiedDate": "2022-04-13T16:37:00Z" + }, + { + "VulnerabilityID": "CVE-2020-36230", + "PkgID": "libldap-2.4-2@2.4.45+dfsg-1ubuntu1.8", + "PkgName": "libldap-2.4-2", + "InstalledVersion": "2.4.45+dfsg-1ubuntu1.8", + "FixedVersion": "2.4.45+dfsg-1ubuntu1.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36230", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openldap: Assertion failure in ber_next_element in decode.c", + "Description": "A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-617" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2021/May/64", + "http://seclists.org/fulldisclosure/2021/May/65", + "http://seclists.org/fulldisclosure/2021/May/70", + "https://access.redhat.com/security/cve/CVE-2020-36230", + "https://bugs.openldap.org/show_bug.cgi?id=9423", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36230", + "https://git.openldap.org/openldap/openldap/-/commit/8c1d96ee36ed98b32cd0e28b7069c7b8ea09d793", + "https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57", + "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-36230", + "https://security.netapp.com/advisory/ntap-20210226-0002/", + "https://support.apple.com/kb/HT212529", + "https://support.apple.com/kb/HT212530", + "https://support.apple.com/kb/HT212531", + "https://ubuntu.com/security/notices/USN-4724-1", + "https://www.cve.org/CVERecord?id=CVE-2020-36230", + "https://www.debian.org/security/2021/dsa-4845" + ], + "PublishedDate": "2021-01-26T18:15:00Z", + "LastModifiedDate": "2022-04-30T02:18:00Z" + }, + { + "VulnerabilityID": "CVE-2021-27212", + "PkgID": "libldap-2.4-2@2.4.45+dfsg-1ubuntu1.8", + "PkgName": "libldap-2.4-2", + "InstalledVersion": "2.4.45+dfsg-1ubuntu1.8", + "FixedVersion": "2.4.45+dfsg-1ubuntu1.10", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-27212", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Assertion failure in slapd in the issuerAndThisUpdateCheck function", + "Description": "In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. 
This is related to schema_init.c and checkTime.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-617" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-27212", + "https://bugs.openldap.org/show_bug.cgi?id=9454", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27212", + "https://git.openldap.org/openldap/openldap/-/commit/3539fc33212b528c56b716584f2c2994af7c30b0", + "https://git.openldap.org/openldap/openldap/-/commit/9badb73425a67768c09bcaed1a9c26c684af6c30", + "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/02/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-27212", + "https://security.netapp.com/advisory/ntap-20210319-0005/", + "https://ubuntu.com/security/notices/USN-4744-1", + "https://www.cve.org/CVERecord?id=CVE-2021-27212", + "https://www.debian.org/security/2021/dsa-4860" + ], + "PublishedDate": "2021-02-14T03:15:00Z", + "LastModifiedDate": "2021-09-13T19:46:00Z" + }, + { + "VulnerabilityID": "CVE-2022-29155", + "PkgID": "libldap-2.4-2@2.4.45+dfsg-1ubuntu1.8", + "PkgName": "libldap-2.4-2", + "InstalledVersion": "2.4.45+dfsg-1ubuntu1.8", + "FixedVersion": "2.4.45+dfsg-1ubuntu1.11", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29155", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": 
"https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openldap: OpenLDAP SQL injection", + "Description": "In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-89" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-29155", + "https://bugs.openldap.org/show_bug.cgi?id=9815", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29155", + "https://lists.debian.org/debian-lts-announce/2022/05/msg00032.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-29155", + "https://security.netapp.com/advisory/ntap-20220609-0007/", + "https://ubuntu.com/security/notices/USN-5424-1", + "https://ubuntu.com/security/notices/USN-5424-2", + "https://www.cve.org/CVERecord?id=CVE-2022-29155", + "https://www.debian.org/security/2022/dsa-5140" + ], + "PublishedDate": "2022-05-04T20:15:00Z", + "LastModifiedDate": "2022-10-06T15:56:00Z" + }, + { + "VulnerabilityID": "CVE-2020-36221", + "PkgID": "libldap-common@2.4.45+dfsg-1ubuntu1.8", + "PkgName": "libldap-common", + "InstalledVersion": "2.4.45+dfsg-1ubuntu1.8", + "FixedVersion": "2.4.45+dfsg-1ubuntu1.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36221", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openldap: 
Integer underflow in serialNumberAndIssuerCheck in schema_init.c", + "Description": "An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-191" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2021/May/64", + "http://seclists.org/fulldisclosure/2021/May/65", + "http://seclists.org/fulldisclosure/2021/May/70", + "https://access.redhat.com/security/cve/CVE-2020-36221", + "https://bugs.openldap.org/show_bug.cgi?id=9404", + "https://bugs.openldap.org/show_bug.cgi?id=9424", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36221", + "https://git.openldap.org/openldap/openldap/-/commit/38ac838e4150c626bbfa0082b7e2cf3a2bb4df31", + "https://git.openldap.org/openldap/openldap/-/commit/58c1748e81c843c5b6e61648d2a4d1d82b47e842", + "https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57", + "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-36221", + "https://security.netapp.com/advisory/ntap-20210226-0002/", + "https://support.apple.com/kb/HT212529", + "https://support.apple.com/kb/HT212530", + "https://support.apple.com/kb/HT212531", + "https://ubuntu.com/security/notices/USN-4724-1", + "https://www.cve.org/CVERecord?id=CVE-2020-36221", + 
"https://www.debian.org/security/2021/dsa-4845" + ], + "PublishedDate": "2021-01-26T18:15:00Z", + "LastModifiedDate": "2022-04-13T16:18:00Z" + }, + { + "VulnerabilityID": "CVE-2020-36222", + "PkgID": "libldap-common@2.4.45+dfsg-1ubuntu1.8", + "PkgName": "libldap-common", + "InstalledVersion": "2.4.45+dfsg-1ubuntu1.8", + "FixedVersion": "2.4.45+dfsg-1ubuntu1.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36222", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openldap: Assertion failure in slapd in the saslAuthzTo validation", + "Description": "A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-617" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2021/May/64", + "http://seclists.org/fulldisclosure/2021/May/65", + "http://seclists.org/fulldisclosure/2021/May/70", + "https://access.redhat.com/security/cve/CVE-2020-36222", + "https://bugs.openldap.org/show_bug.cgi?id=9406", + "https://bugs.openldap.org/show_bug.cgi?id=9407", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36222", + "https://git.openldap.org/openldap/openldap/-/commit/02dfc32d658fadc25e4040f78e36592f6e1e1ca0", + "https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed", + "https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed.aa", + 
"https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57", + "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-36222", + "https://security.netapp.com/advisory/ntap-20210226-0002/", + "https://support.apple.com/kb/HT212529", + "https://support.apple.com/kb/HT212530", + "https://support.apple.com/kb/HT212531", + "https://ubuntu.com/security/notices/USN-4724-1", + "https://www.cve.org/CVERecord?id=CVE-2020-36222", + "https://www.debian.org/security/2021/dsa-4845" + ], + "PublishedDate": "2021-01-26T18:15:00Z", + "LastModifiedDate": "2022-04-13T16:21:00Z" + }, + { + "VulnerabilityID": "CVE-2020-36223", + "PkgID": "libldap-common@2.4.45+dfsg-1ubuntu1.8", + "PkgName": "libldap-common", + "InstalledVersion": "2.4.45+dfsg-1ubuntu1.8", + "FixedVersion": "2.4.45+dfsg-1ubuntu1.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36223", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openldap: Out-of-bounds read in Values Return Filter", + "Description": "A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2021/May/64", + "http://seclists.org/fulldisclosure/2021/May/65", + "http://seclists.org/fulldisclosure/2021/May/70", + "https://access.redhat.com/security/cve/CVE-2020-36223", + "https://bugs.openldap.org/show_bug.cgi?id=9408", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36223", + "https://git.openldap.org/openldap/openldap/-/commit/21981053a1195ae1555e23df4d9ac68d34ede9dd", + "https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57", + "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-36223", + "https://security.netapp.com/advisory/ntap-20210226-0002/", + "https://support.apple.com/kb/HT212529", + "https://support.apple.com/kb/HT212530", + "https://support.apple.com/kb/HT212531", + "https://ubuntu.com/security/notices/USN-4724-1", + "https://www.cve.org/CVERecord?id=CVE-2020-36223", + "https://www.debian.org/security/2021/dsa-4845" + ], + "PublishedDate": "2021-01-26T18:15:00Z", + "LastModifiedDate": "2022-04-13T16:21:00Z" + }, + { + "VulnerabilityID": "CVE-2020-36224", + "PkgID": "libldap-common@2.4.45+dfsg-1ubuntu1.8", + "PkgName": "libldap-common", + "InstalledVersion": "2.4.45+dfsg-1ubuntu1.8", + "FixedVersion": "2.4.45+dfsg-1ubuntu1.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36224", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": 
"openldap: Invalid pointer free in the saslAuthzTo processing", + "Description": "A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-763" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2021/May/64", + "http://seclists.org/fulldisclosure/2021/May/65", + "http://seclists.org/fulldisclosure/2021/May/70", + "https://access.redhat.com/security/cve/CVE-2020-36224", + "https://bugs.openldap.org/show_bug.cgi?id=9409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36224", + "https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65", + "https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26", + "https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439", + "https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8", + "https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57", + "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-36224", + "https://security.netapp.com/advisory/ntap-20210226-0002/", + "https://support.apple.com/kb/HT212529", + "https://support.apple.com/kb/HT212530", + "https://support.apple.com/kb/HT212531", + 
"https://ubuntu.com/security/notices/USN-4724-1", + "https://www.cve.org/CVERecord?id=CVE-2020-36224", + "https://www.debian.org/security/2021/dsa-4845" + ], + "PublishedDate": "2021-01-26T18:15:00Z", + "LastModifiedDate": "2022-04-13T16:22:00Z" + }, + { + "VulnerabilityID": "CVE-2020-36225", + "PkgID": "libldap-common@2.4.45+dfsg-1ubuntu1.8", + "PkgName": "libldap-common", + "InstalledVersion": "2.4.45+dfsg-1ubuntu1.8", + "FixedVersion": "2.4.45+dfsg-1ubuntu1.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36225", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openldap: Double free in the saslAuthzTo processing", + "Description": "A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2021/May/64", + "http://seclists.org/fulldisclosure/2021/May/65", + "http://seclists.org/fulldisclosure/2021/May/70", + "https://access.redhat.com/security/cve/CVE-2020-36225", + "https://bugs.openldap.org/show_bug.cgi?id=9412", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36225", + "https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65", + "https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26", + 
"https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439", + "https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8", + "https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57", + "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-36225", + "https://security.netapp.com/advisory/ntap-20210226-0002/", + "https://support.apple.com/kb/HT212529", + "https://support.apple.com/kb/HT212530", + "https://support.apple.com/kb/HT212531", + "https://ubuntu.com/security/notices/USN-4724-1", + "https://www.cve.org/CVERecord?id=CVE-2020-36225", + "https://www.debian.org/security/2021/dsa-4845" + ], + "PublishedDate": "2021-01-26T18:15:00Z", + "LastModifiedDate": "2022-04-13T16:24:00Z" + }, + { + "VulnerabilityID": "CVE-2020-36226", + "PkgID": "libldap-common@2.4.45+dfsg-1ubuntu1.8", + "PkgName": "libldap-common", + "InstalledVersion": "2.4.45+dfsg-1ubuntu1.8", + "FixedVersion": "2.4.45+dfsg-1ubuntu1.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36226", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openldap: Denial of service via length miscalculation in slap_parse_user", + "Description": "A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V2Vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2021/May/64", + "http://seclists.org/fulldisclosure/2021/May/65", + "http://seclists.org/fulldisclosure/2021/May/70", + "https://access.redhat.com/security/cve/CVE-2020-36226", + "https://bugs.openldap.org/show_bug.cgi?id=9413", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36226", + "https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65", + "https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26", + "https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439", + "https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8", + "https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57", + "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-36226", + "https://security.netapp.com/advisory/ntap-20210226-0002/", + "https://support.apple.com/kb/HT212529", + "https://support.apple.com/kb/HT212530", + "https://support.apple.com/kb/HT212531", + "https://ubuntu.com/security/notices/USN-4724-1", + "https://www.cve.org/CVERecord?id=CVE-2020-36226", + "https://www.debian.org/security/2021/dsa-4845" + ], + "PublishedDate": "2021-01-26T18:15:00Z", + "LastModifiedDate": 
"2022-04-13T16:24:00Z" + }, + { + "VulnerabilityID": "CVE-2020-36227", + "PkgID": "libldap-common@2.4.45+dfsg-1ubuntu1.8", + "PkgName": "libldap-common", + "InstalledVersion": "2.4.45+dfsg-1ubuntu1.8", + "FixedVersion": "2.4.45+dfsg-1ubuntu1.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36227", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openldap: Infinite loop in slapd with the cancel_extop Cancel operation", + "Description": "A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2021/May/64", + "http://seclists.org/fulldisclosure/2021/May/65", + "http://seclists.org/fulldisclosure/2021/May/70", + "https://access.redhat.com/security/cve/CVE-2020-36227", + "https://bugs.openldap.org/show_bug.cgi?id=9428", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36227", + "https://git.openldap.org/openldap/openldap/-/commit/9d0e8485f3113505743baabf1167e01e4558ccf5", + "https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57", + "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + 
"https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-36227", + "https://security.netapp.com/advisory/ntap-20210226-0002/", + "https://support.apple.com/kb/HT212529", + "https://support.apple.com/kb/HT212530", + "https://support.apple.com/kb/HT212531", + "https://ubuntu.com/security/notices/USN-4724-1", + "https://www.cve.org/CVERecord?id=CVE-2020-36227", + "https://www.debian.org/security/2021/dsa-4845" + ], + "PublishedDate": "2021-01-26T18:15:00Z", + "LastModifiedDate": "2022-04-13T16:25:00Z" + }, + { + "VulnerabilityID": "CVE-2020-36228", + "PkgID": "libldap-common@2.4.45+dfsg-1ubuntu1.8", + "PkgName": "libldap-common", + "InstalledVersion": "2.4.45+dfsg-1ubuntu1.8", + "FixedVersion": "2.4.45+dfsg-1ubuntu1.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36228", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openldap: Integer underflow in issuerAndThisUpdateCheck in schema_init.c", + "Description": "An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-191" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2021/May/64", + "http://seclists.org/fulldisclosure/2021/May/65", + "http://seclists.org/fulldisclosure/2021/May/70", + "https://access.redhat.com/security/cve/CVE-2020-36228", + "https://bugs.openldap.org/show_bug.cgi?id=9427", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36228", + "https://git.openldap.org/openldap/openldap/-/commit/91dccd25c347733b365adc74cb07d074512ed5ad", + "https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57", + "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-36228", + "https://security.netapp.com/advisory/ntap-20210226-0002/", + "https://support.apple.com/kb/HT212529", + "https://support.apple.com/kb/HT212530", + "https://support.apple.com/kb/HT212531", + "https://ubuntu.com/security/notices/USN-4724-1", + "https://www.cve.org/CVERecord?id=CVE-2020-36228", + "https://www.debian.org/security/2021/dsa-4845" + ], + "PublishedDate": "2021-01-26T18:15:00Z", + "LastModifiedDate": "2022-04-13T16:36:00Z" + }, + { + "VulnerabilityID": "CVE-2020-36229", + "PkgID": "libldap-common@2.4.45+dfsg-1ubuntu1.8", + "PkgName": "libldap-common", + "InstalledVersion": "2.4.45+dfsg-1ubuntu1.8", + "FixedVersion": "2.4.45+dfsg-1ubuntu1.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36229", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openldap: Type confusion in ad_keystring in ad.c", + "Description": "A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-843" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2021/May/64", + "http://seclists.org/fulldisclosure/2021/May/65", + "http://seclists.org/fulldisclosure/2021/May/70", + "https://access.redhat.com/security/cve/CVE-2020-36229", + "https://bugs.openldap.org/show_bug.cgi?id=9425", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36229", + "https://git.openldap.org/openldap/openldap/-/commit/4bdfffd2889c0c5cdf58bebafbdc8fce4bb2bff0", + "https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57", + "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-36229", + "https://security.netapp.com/advisory/ntap-20210226-0002/", + "https://support.apple.com/kb/HT212529", + "https://support.apple.com/kb/HT212530", + "https://support.apple.com/kb/HT212531", + "https://ubuntu.com/security/notices/USN-4724-1", + "https://www.cve.org/CVERecord?id=CVE-2020-36229", + "https://www.debian.org/security/2021/dsa-4845" + ], + "PublishedDate": "2021-01-26T18:15:00Z", + "LastModifiedDate": "2022-04-13T16:37:00Z" + }, + { + "VulnerabilityID": "CVE-2020-36230", + "PkgID": "libldap-common@2.4.45+dfsg-1ubuntu1.8", + "PkgName": "libldap-common", + "InstalledVersion": "2.4.45+dfsg-1ubuntu1.8", + "FixedVersion": "2.4.45+dfsg-1ubuntu1.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36230", + "DataSource": { 
+ "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openldap: Assertion failure in ber_next_element in decode.c", + "Description": "A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-617" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2021/May/64", + "http://seclists.org/fulldisclosure/2021/May/65", + "http://seclists.org/fulldisclosure/2021/May/70", + "https://access.redhat.com/security/cve/CVE-2020-36230", + "https://bugs.openldap.org/show_bug.cgi?id=9423", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36230", + "https://git.openldap.org/openldap/openldap/-/commit/8c1d96ee36ed98b32cd0e28b7069c7b8ea09d793", + "https://git.openldap.org/openldap/openldap/-/tags/OPENLDAP_REL_ENG_2_4_57", + "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/02/msg00005.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-36230", + "https://security.netapp.com/advisory/ntap-20210226-0002/", + "https://support.apple.com/kb/HT212529", + "https://support.apple.com/kb/HT212530", + "https://support.apple.com/kb/HT212531", + "https://ubuntu.com/security/notices/USN-4724-1", + "https://www.cve.org/CVERecord?id=CVE-2020-36230", + "https://www.debian.org/security/2021/dsa-4845" + ], + "PublishedDate": 
"2021-01-26T18:15:00Z", + "LastModifiedDate": "2022-04-30T02:18:00Z" + }, + { + "VulnerabilityID": "CVE-2021-27212", + "PkgID": "libldap-common@2.4.45+dfsg-1ubuntu1.8", + "PkgName": "libldap-common", + "InstalledVersion": "2.4.45+dfsg-1ubuntu1.8", + "FixedVersion": "2.4.45+dfsg-1ubuntu1.10", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-27212", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Assertion failure in slapd in the issuerAndThisUpdateCheck function", + "Description": "In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-617" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-27212", + "https://bugs.openldap.org/show_bug.cgi?id=9454", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27212", + "https://git.openldap.org/openldap/openldap/-/commit/3539fc33212b528c56b716584f2c2994af7c30b0", + "https://git.openldap.org/openldap/openldap/-/commit/9badb73425a67768c09bcaed1a9c26c684af6c30", + "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + 
"https://lists.debian.org/debian-lts-announce/2021/02/msg00035.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-27212", + "https://security.netapp.com/advisory/ntap-20210319-0005/", + "https://ubuntu.com/security/notices/USN-4744-1", + "https://www.cve.org/CVERecord?id=CVE-2021-27212", + "https://www.debian.org/security/2021/dsa-4860" + ], + "PublishedDate": "2021-02-14T03:15:00Z", + "LastModifiedDate": "2021-09-13T19:46:00Z" + }, + { + "VulnerabilityID": "CVE-2022-29155", + "PkgID": "libldap-common@2.4.45+dfsg-1ubuntu1.8", + "PkgName": "libldap-common", + "InstalledVersion": "2.4.45+dfsg-1ubuntu1.8", + "FixedVersion": "2.4.45+dfsg-1ubuntu1.11", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29155", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openldap: OpenLDAP SQL injection", + "Description": "In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. 
This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-89" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-29155", + "https://bugs.openldap.org/show_bug.cgi?id=9815", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29155", + "https://lists.debian.org/debian-lts-announce/2022/05/msg00032.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-29155", + "https://security.netapp.com/advisory/ntap-20220609-0007/", + "https://ubuntu.com/security/notices/USN-5424-1", + "https://ubuntu.com/security/notices/USN-5424-2", + "https://www.cve.org/CVERecord?id=CVE-2022-29155", + "https://www.debian.org/security/2022/dsa-5140" + ], + "PublishedDate": "2022-05-04T20:15:00Z", + "LastModifiedDate": "2022-10-06T15:56:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3520", + "PkgID": "liblz4-1@0.0~r131-2ubuntu3", + "PkgName": "liblz4-1", + "InstalledVersion": "0.0~r131-2ubuntu3", + "FixedVersion": "0.0~r131-2ubuntu3.1", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3520", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "memory corruption due to an integer overflow bug caused by memmove argument", + "Description": "There's a flaw in lz4. 
An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787", + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 8.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-3520", + "https://bugzilla.redhat.com/show_bug.cgi?id=1954559", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3520", + "https://errata.almalinux.org/8/ALSA-2021-2575.html", + "https://errata.rockylinux.org/RLSA-2021:2575", + "https://github.com/lz4/lz4/pull/972", + "https://linux.oracle.com/cve/CVE-2021-3520.html", + "https://linux.oracle.com/errata/ELSA-2021-2575.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3520", + "https://security.netapp.com/advisory/ntap-20211104-0005/", + "https://ubuntu.com/security/notices/USN-4968-1", + "https://ubuntu.com/security/notices/USN-4968-2", + "https://www.cve.org/CVERecord?id=CVE-2021-3520", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-06-02T13:15:00Z", + "LastModifiedDate": "2023-02-12T23:41:00Z" + }, + { + "VulnerabilityID": "CVE-2022-1271", + "PkgID": "liblzma5@5.2.2-1.3", + "PkgName": "liblzma5", + "InstalledVersion": "5.2.2-1.3", + "FixedVersion": "5.2.2-1.3ubuntu0.1", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": 
"ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1271", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "arbitrary-file-write vulnerability", + "Description": "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:4940", + "https://access.redhat.com/security/cve/CVE-2022-1271", + "https://bugzilla.redhat.com/2073310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2073310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271", + "https://errata.almalinux.org/9/ALSA-2022-4940.html", + "https://errata.rockylinux.org/RLSA-2022:4940", + "https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6", + "https://linux.oracle.com/cve/CVE-2022-1271.html", + "https://linux.oracle.com/errata/ELSA-2022-5052.html", + "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-1271", + "https://security-tracker.debian.org/tracker/CVE-2022-1271", + "https://security.gentoo.org/glsa/202209-01", + "https://security.netapp.com/advisory/ntap-20220930-0006/", + 
"https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch", + "https://ubuntu.com/security/notices/USN-5378-1", + "https://ubuntu.com/security/notices/USN-5378-2", + "https://ubuntu.com/security/notices/USN-5378-3", + "https://ubuntu.com/security/notices/USN-5378-4", + "https://www.cve.org/CVERecord?id=CVE-2022-1271", + "https://www.openwall.com/lists/oss-security/2022/04/07/8" + ], + "PublishedDate": "2022-08-31T16:15:00Z", + "LastModifiedDate": "2022-10-07T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2023-29491", + "PkgID": "libncurses5@6.1-1ubuntu1.18.04", + "PkgName": "libncurses5", + "InstalledVersion": "6.1-1ubuntu1.18.04", + "FixedVersion": "6.1-1ubuntu1.18.04.1", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Local users can trigger security-relevant memory corruption via malformed data", + "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://www.openwall.com/lists/oss-security/2023/04/19/10", + "http://www.openwall.com/lists/oss-security/2023/04/19/11", + "https://access.redhat.com/security/cve/CVE-2023-29491", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29491", + "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", + "https://security.netapp.com/advisory/ntap-20230517-0009/", + "https://ubuntu.com/security/notices/USN-6099-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29491", + "https://www.openwall.com/lists/oss-security/2023/04/12/5", + "https://www.openwall.com/lists/oss-security/2023/04/13/4" + ], + "PublishedDate": "2023-04-14T01:15:00Z", + "LastModifiedDate": "2023-05-17T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-29491", + "PkgID": "libncursesw5@6.1-1ubuntu1.18.04", + "PkgName": "libncursesw5", + "InstalledVersion": "6.1-1ubuntu1.18.04", + "FixedVersion": "6.1-1ubuntu1.18.04.1", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Local users can trigger security-relevant memory corruption via malformed data", + "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://www.openwall.com/lists/oss-security/2023/04/19/10", + "http://www.openwall.com/lists/oss-security/2023/04/19/11", + 
"https://access.redhat.com/security/cve/CVE-2023-29491", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29491", + "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", + "https://security.netapp.com/advisory/ntap-20230517-0009/", + "https://ubuntu.com/security/notices/USN-6099-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29491", + "https://www.openwall.com/lists/oss-security/2023/04/12/5", + "https://www.openwall.com/lists/oss-security/2023/04/13/4" + ], + "PublishedDate": "2023-04-14T01:15:00Z", + "LastModifiedDate": "2023-05-17T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-20305", + "PkgID": "libnettle6@3.4-1", + "PkgName": "libnettle6", + "InstalledVersion": "3.4-1", + "FixedVersion": "3.4-1ubuntu0.1", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20305", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "nettle: Out of bounds memory access in signature verification", + "Description": "A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. 
The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-20305", + "https://bugzilla.redhat.com/show_bug.cgi?id=1942533", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20305", + "https://linux.oracle.com/cve/CVE-2021-20305.html", + "https://linux.oracle.com/errata/ELSA-2021-1206.html", + "https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQKWVVMAIDAJ7YAA3VVO32BHLDOH2E63/", + "https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-20305", + "https://security.gentoo.org/glsa/202105-31", + "https://security.netapp.com/advisory/ntap-20211022-0002/", + "https://ubuntu.com/security/notices/USN-4906-1", + "https://www.cve.org/CVERecord?id=CVE-2021-20305", + "https://www.debian.org/security/2021/dsa-4933" + ], + "PublishedDate": "2021-04-05T22:15:00Z", + "LastModifiedDate": "2021-12-06T13:57:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3580", + "PkgID": "libnettle6@3.4-1", + "PkgName": "libnettle6", + "InstalledVersion": "3.4-1", + "FixedVersion": "3.4.1-0ubuntu0.18.04.1", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3580", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "nettle: Remote crash in RSA decryption via 
manipulated ciphertext", + "Description": "A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-3580", + "https://bugzilla.redhat.com/show_bug.cgi?id=1776250", + "https://bugzilla.redhat.com/show_bug.cgi?id=1908110", + "https://bugzilla.redhat.com/show_bug.cgi?id=1908334", + "https://bugzilla.redhat.com/show_bug.cgi?id=1922275", + "https://bugzilla.redhat.com/show_bug.cgi?id=1922276", + "https://bugzilla.redhat.com/show_bug.cgi?id=1965445", + "https://bugzilla.redhat.com/show_bug.cgi?id=1967983", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20231", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20232", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3580", + "https://errata.almalinux.org/8/ALSA-2021-4451.html", + "https://errata.rockylinux.org/RLSA-2021:4451", + "https://linux.oracle.com/cve/CVE-2021-3580.html", + "https://linux.oracle.com/errata/ELSA-2022-9221.html", + "https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3580", + "https://security.netapp.com/advisory/ntap-20211104-0006/", + "https://ubuntu.com/security/notices/USN-4990-1", + "https://www.cve.org/CVERecord?id=CVE-2021-3580" + ], + "PublishedDate": "2021-08-05T21:15:00Z", + "LastModifiedDate": "2021-11-26T21:06:00Z" + }, + { + "VulnerabilityID": "CVE-2020-29361", + "PkgID": "libp11-kit0@0.23.9-2", + "PkgName": "libp11-kit0", + "InstalledVersion": 
"0.23.9-2", + "FixedVersion": "0.23.9-2ubuntu0.1", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-29361", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "p11-kit: integer overflow when allocating memory for arrays or attributes and object identifiers", + "Description": "An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2020-29361", + "https://bugzilla.redhat.com/show_bug.cgi?id=1665172", + "https://bugzilla.redhat.com/show_bug.cgi?id=1890464", + "https://bugzilla.redhat.com/show_bug.cgi?id=1903588", + "https://bugzilla.redhat.com/show_bug.cgi?id=1903590", + "https://bugzilla.redhat.com/show_bug.cgi?id=1903592", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29361", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29362", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29363", + "https://errata.almalinux.org/8/ALSA-2021-1609.html", + "https://errata.rockylinux.org/RLSA-2021:1609", + "https://github.com/p11-glue/p11-kit/releases", + "https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2", + "https://linux.oracle.com/cve/CVE-2020-29361.html", + "https://linux.oracle.com/errata/ELSA-2021-1609.html", + 
"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/01/msg00002.html", + "https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-29361", + "https://ubuntu.com/security/notices/USN-4677-1", + "https://ubuntu.com/security/notices/USN-4677-2", + "https://www.cve.org/CVERecord?id=CVE-2020-29361", + "https://www.debian.org/security/2021/dsa-4822" + ], + "PublishedDate": "2020-12-16T14:15:00Z", + "LastModifiedDate": "2022-08-06T03:55:00Z" + }, + { + "VulnerabilityID": "CVE-2020-29362", + "PkgID": "libp11-kit0@0.23.9-2", + "PkgName": "libp11-kit0", + "InstalledVersion": "0.23.9-2", + "FixedVersion": "0.23.9-2ubuntu0.1", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-29362", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "p11-kit: out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c", + "Description": "An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. 
When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2020-29362", + "https://bugzilla.redhat.com/show_bug.cgi?id=1665172", + "https://bugzilla.redhat.com/show_bug.cgi?id=1890464", + "https://bugzilla.redhat.com/show_bug.cgi?id=1903588", + "https://bugzilla.redhat.com/show_bug.cgi?id=1903590", + "https://bugzilla.redhat.com/show_bug.cgi?id=1903592", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29361", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29362", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29363", + "https://errata.almalinux.org/8/ALSA-2021-1609.html", + "https://errata.rockylinux.org/RLSA-2021:1609", + "https://github.com/p11-glue/p11-kit/releases", + "https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc", + "https://linux.oracle.com/cve/CVE-2020-29362.html", + "https://linux.oracle.com/errata/ELSA-2021-1609.html", + "https://lists.debian.org/debian-lts-announce/2021/01/msg00002.html", + "https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-29362", + "https://ubuntu.com/security/notices/USN-4677-1", + "https://www.cve.org/CVERecord?id=CVE-2020-29362", + "https://www.debian.org/security/2021/dsa-4822" + ], + "PublishedDate": "2020-12-16T14:15:00Z", + "LastModifiedDate": "2021-01-11T16:50:00Z" + }, + { + "VulnerabilityID": "CVE-2020-29363", + "PkgID": "libp11-kit0@0.23.9-2", + "PkgName": "libp11-kit0", + 
"InstalledVersion": "0.23.9-2", + "FixedVersion": "0.23.9-2ubuntu0.1", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-29363", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "p11-kit: out-of-bounds write in p11_rpc_buffer_get_byte_array_value function in rpc-message.c", + "Description": "An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2020-29363", + "https://bugzilla.redhat.com/show_bug.cgi?id=1665172", + "https://bugzilla.redhat.com/show_bug.cgi?id=1890464", + "https://bugzilla.redhat.com/show_bug.cgi?id=1903588", + "https://bugzilla.redhat.com/show_bug.cgi?id=1903590", + "https://bugzilla.redhat.com/show_bug.cgi?id=1903592", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29361", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29362", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29363", + "https://errata.almalinux.org/8/ALSA-2021-1609.html", + "https://errata.rockylinux.org/RLSA-2021:1609", + "https://github.com/p11-glue/p11-kit/releases", + 
"https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5j67-fw89-fp6x", + "https://linux.oracle.com/cve/CVE-2020-29363.html", + "https://linux.oracle.com/errata/ELSA-2021-1609.html", + "https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-29363", + "https://ubuntu.com/security/notices/USN-4677-1", + "https://www.cve.org/CVERecord?id=CVE-2020-29363", + "https://www.debian.org/security/2021/dsa-4822", + "https://www.oracle.com/security-alerts/cpuapr2022.html" + ], + "PublishedDate": "2020-12-16T14:15:00Z", + "LastModifiedDate": "2022-05-12T14:47:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3177", + "PkgID": "libpython3.6@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.4", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3177", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c", + "Description": "Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. 
This occurs because sprintf is used unsafely.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-3177", + "https://bugs.python.org/issue42938", + "https://bugzilla.redhat.com/show_bug.cgi?id=1868006", + "https://bugzilla.redhat.com/show_bug.cgi?id=1883014", + "https://bugzilla.redhat.com/show_bug.cgi?id=1886755", + "https://bugzilla.redhat.com/show_bug.cgi?id=1901633", + "https://bugzilla.redhat.com/show_bug.cgi?id=1918168", + "https://bugzilla.redhat.com/show_bug.cgi?id=1920596", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26116", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27783", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177", + "https://errata.almalinux.org/8/ALSA-2021-1879.html", + "https://errata.rockylinux.org/RLSA-2021:1879", + "https://github.com/python/cpython/pull/24239", + "https://linux.oracle.com/cve/CVE-2021-3177.html", + "https://linux.oracle.com/errata/ELSA-2022-5235.html", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html", + "https://lists.debian.org/debian-lts-announce/2022/02/msg00013.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRHOCQYX3QLDGDQGTWQAUUT2GGIZCZUO/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCFZMVRQUKCBQIG5F2CBVADK63NFSE4A/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPE7SMXYUIWPOIZV4DQYXODRXMFX3C5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MGSV6BJQLRQ6RKVUXK7JGU7TP4QFGQXC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQPARTLNSFQVMMQHPNBFOCOZOO3TMQNA/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXSMBHES3ANXXS2RSO5G6Q24BR4B2PWK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6XJAULOS5JVB2L67NCKKMJ5NTKZJBSD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4KSYYWMGAKOA2JVCQA422OINT6CKQ7O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDTZVGSXQ7HR7OCGSUHTRNTMBG43OMKU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7GZV74KM72O2PEJN2C4XP3V5Q5MZUOO/", + "https://news.ycombinator.com/item?id=26185005", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3177", + "https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html", + "https://security.gentoo.org/glsa/202101-18", + "https://security.netapp.com/advisory/ntap-20210226-0003/", + "https://ubuntu.com/security/notices/USN-4754-1", + 
"https://ubuntu.com/security/notices/USN-4754-2 (regression in python2.7)", + "https://ubuntu.com/security/notices/USN-4754-3", + "https://ubuntu.com/security/notices/USN-4754-4", + "https://ubuntu.com/security/notices/USN-4754-5", + "https://www.cve.org/CVERecord?id=CVE-2021-3177", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpujul2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-01-19T06:15:00Z", + "LastModifiedDate": "2023-05-24T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3733", + "PkgID": "libpython3.6@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.6", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3733", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "python: urllib: Regular expression DoS in AbstractBasicAuthHandler", + "Description": "There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. 
The greatest threat that this flaw poses is to application availability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-3733", + "https://bugs.python.org/issue43075", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995234", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-14-final", + "https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-11-final", + "https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-10-final", + "https://docs.python.org/3.9/whatsnew/changelog.html#python-3-9-5-final", + "https://errata.almalinux.org/8/ALSA-2022-1821.html", + "https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14)", + "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb", + "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1 (master)", + "https://github.com/python/cpython/commit/a21d4fbd549ec9685068a113660553d7f80d9b09 (3.9.5)", + "https://github.com/python/cpython/commit/ada14995870abddc277addf57dd690a2af04c2da (3.7.11)", + "https://github.com/python/cpython/commit/e7654b6046090914a8323931ed759a94a5f85d60 (3.8.10)", + "https://github.com/python/cpython/pull/24391", + "https://linux.oracle.com/cve/CVE-2021-3733.html", + "https://linux.oracle.com/errata/ELSA-2022-1821.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3733", + "https://security.netapp.com/advisory/ntap-20220407-0001/", + 
"https://ubuntu.com/security/CVE-2021-3733", + "https://ubuntu.com/security/notices/USN-5083-1", + "https://ubuntu.com/security/notices/USN-5199-1", + "https://ubuntu.com/security/notices/USN-5200-1", + "https://www.cve.org/CVERecord?id=CVE-2021-3733" + ], + "PublishedDate": "2022-03-10T17:42:00Z", + "LastModifiedDate": "2023-06-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3737", + "PkgID": "libpython3.6@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.6", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3737", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "HTTP client possible infinite loop on a 100 Continue response", + "Description": "A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. 
The highest threat from this vulnerability is to system availability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400", + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-3737", + "https://bugs.python.org/issue44022", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995162", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995234", + "https://bugzilla.redhat.com/show_bug.cgi?id=2006792", + "https://bugzilla.redhat.com/show_bug.cgi?id=2032569", + "https://bugzilla.redhat.com/show_bug.cgi?id=2036020", + "https://bugzilla.redhat.com/show_bug.cgi?id=2047376", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43818", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391", + "https://errata.almalinux.org/8/ALSA-2022-1986.html", + "https://errata.rockylinux.org/RLSA-2022:1821", + "https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b (3.8 branch)", + "https://github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63 (v3.7.11)", + "https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 (v3.6.14", + "https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 (v3.9.6)", + "https://github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92 (v3.10.0b2)", + "https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 (v3.10.0b3)", + "https://github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 (v3.9.6)", + 
"https://github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae (v3.8.11)", + "https://github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 (v3.6.14)", + "https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 (v3.7.11)", + "https://github.com/python/cpython/pull/25916", + "https://github.com/python/cpython/pull/26503", + "https://linux.oracle.com/cve/CVE-2021-3737.html", + "https://linux.oracle.com/errata/ELSA-2022-1986.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3737", + "https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html", + "https://security.netapp.com/advisory/ntap-20220407-0009/", + "https://ubuntu.com/security/CVE-2021-3737", + "https://ubuntu.com/security/notices/USN-5083-1", + "https://ubuntu.com/security/notices/USN-5199-1", + "https://ubuntu.com/security/notices/USN-5200-1", + "https://ubuntu.com/security/notices/USN-5201-1", + "https://www.cve.org/CVERecord?id=CVE-2021-3737", + "https://www.oracle.com/security-alerts/cpujul2022.html" + ], + "PublishedDate": "2022-03-04T19:15:00Z", + "LastModifiedDate": "2023-06-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-4189", + "PkgID": "libpython3.6@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.7", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-4189", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "ftplib should not use the host from the PASV response", + "Description": "A flaw was found in Python, specifically in the FTP (File Transfer Protocol) 
client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-252" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-4189", + "https://bugs.python.org/issue43285", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995162", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995234", + "https://bugzilla.redhat.com/show_bug.cgi?id=2006792", + "https://bugzilla.redhat.com/show_bug.cgi?id=2032569", + "https://bugzilla.redhat.com/show_bug.cgi?id=2036020", + "https://bugzilla.redhat.com/show_bug.cgi?id=2047376", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43818", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391", + "https://errata.almalinux.org/8/ALSA-2022-1986.html", + "https://errata.rockylinux.org/RLSA-2022:1821", + "https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e", + "https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master)", + "https://github.com/python/cpython/commit/4134f154ae2f621f25c5d698cc0f1748035a1b88 (v3.6.14)", + "https://github.com/python/cpython/commit/79373951b3eab585d42e0f0ab83718cbe1d0ee33 (v3.7.11)", + "https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 
(v3.9.3)", + "https://linux.oracle.com/cve/CVE-2021-4189.html", + "https://linux.oracle.com/errata/ELSA-2022-1986.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-4189", + "https://python-security.readthedocs.io/vuln/ftplib-pasv.html", + "https://security-tracker.debian.org/tracker/CVE-2021-4189", + "https://security.netapp.com/advisory/ntap-20221104-0004/", + "https://ubuntu.com/security/notices/USN-5342-1", + "https://ubuntu.com/security/notices/USN-5342-2", + "https://www.cve.org/CVERecord?id=CVE-2021-4189" + ], + "PublishedDate": "2022-08-24T16:15:00Z", + "LastModifiedDate": "2023-06-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-0391", + "PkgID": "libpython3.6@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.7", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0391", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "urllib.parse does not sanitize URLs containing ASCII newline and tabs", + "Description": "A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. 
This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-74" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:6457", + "https://access.redhat.com/security/cve/CVE-2022-0391", + "https://bugs.python.org/issue43882", + "https://bugzilla.redhat.com/2047376", + "https://bugzilla.redhat.com/2075390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391", + "https://errata.almalinux.org/8/ALSA-2022-6457.html", + "https://linux.oracle.com/cve/CVE-2022-0391.html", + "https://linux.oracle.com/errata/ELSA-2023-3550.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0391", + "https://security.gentoo.org/glsa/202305-02", + "https://security.netapp.com/advisory/ntap-20220225-0009/", + "https://ubuntu.com/security/notices/USN-5342-1", + "https://ubuntu.com/security/notices/USN-5342-2", + "https://www.cve.org/CVERecord?id=CVE-2022-0391", + "https://www.oracle.com/security-alerts/cpuapr2022.html" + ], + "PublishedDate": "2022-02-09T23:15:00Z", + "LastModifiedDate": "2023-05-03T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-37454", + "PkgID": "libpython3.6@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.10", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-37454", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "buffer overflow in the SHA-3 reference implementation", + "Description": "The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2417", + "https://access.redhat.com/security/cve/CVE-2022-37454", + "https://bugzilla.redhat.com/2133687", + "https://bugzilla.redhat.com/2133688", + "https://bugzilla.redhat.com/2139280", + "https://bugzilla.redhat.com/2140200", + "https://bugzilla.redhat.com/2158791", + "https://bugzilla.redhat.com/show_bug.cgi?id=2133687", + "https://bugzilla.redhat.com/show_bug.cgi?id=2133688", + "https://bugzilla.redhat.com/show_bug.cgi?id=2139280", + "https://bugzilla.redhat.com/show_bug.cgi?id=2140200", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158791", + "https://csrc.nist.gov/projects/hash-functions/sha-3-project", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454", + "https://eprint.iacr.org/2023/331", + 
"https://errata.almalinux.org/9/ALSA-2023-2417.html", + "https://errata.rockylinux.org/RLSA-2023:0965", + "https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a", + "https://github.com/XKCP/XKCP/issues/105", + "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658", + "https://github.com/advisories/GHSA-6w4m-2xhg-2658", + "https://github.com/johanns/sha3/commit/5f2e8118a62831911703c8753ff2435c3b5d7312", + "https://github.com/johanns/sha3/issues/17", + "https://github.com/php/php-src/commit/248f647724e385bfb8d83aa5b5a5ca3c4ee2c7fd", + "https://github.com/python/cpython/commit/0e4e058602d93b88256ff90bbef501ba20be9dd3 (3.10-branch)", + "https://github.com/python/cpython/commit/8088c90044ba04cd5624b278340ebf934dbee4a5 (3.7-branch)", + "https://github.com/python/cpython/commit/857efee6d2d43c5c12fc7e377ce437144c728ab8 (3.9-branch)", + "https://github.com/python/cpython/commit/948c6794711458fd148a3fa62296cadeeb2ed631 (3.8-branch)", + "https://github.com/python/cpython/issues/98517", + "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sha3/CVE-2022-37454.yml", + "https://github.com/tiran/pysha3/issues/29", + "https://linux.oracle.com/cve/CVE-2022-37454.html", + "https://linux.oracle.com/errata/ELSA-2023-2903.html", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html", + "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", + "https://mouha.be/sha-3-buffer-overflow/", + "https://news.ycombinator.com/item?id=33281106", + "https://news.ycombinator.com/item?id=35050307", + "https://nvd.nist.gov/vuln/detail/CVE-2022-37454", + "https://security.gentoo.org/glsa/202305-02", + "https://ubuntu.com/security/notices/USN-5717-1", + "https://ubuntu.com/security/notices/USN-5767-1", + "https://ubuntu.com/security/notices/USN-5767-3", + "https://ubuntu.com/security/notices/USN-5888-1", + "https://ubuntu.com/security/notices/USN-5930-1", + "https://ubuntu.com/security/notices/USN-5931-1", + "https://www.cve.org/CVERecord?id=CVE-2022-37454", + "https://www.debian.org/security/2022/dsa-5267", + "https://www.debian.org/security/2022/dsa-5269" + ], + "PublishedDate": "2022-10-21T06:15:00Z", + "LastModifiedDate": "2023-05-03T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-45061", + "PkgID": "libpython3.6@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-45061", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "CPU denial of service via inefficient IDNA decoder", + "Description": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. 
Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0953", + "https://access.redhat.com/security/cve/CVE-2022-45061", + "https://bugzilla.redhat.com/2144072", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144072", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061", + "https://errata.almalinux.org/9/ALSA-2023-0953.html", + "https://errata.rockylinux.org/RLSA-2023:0953", + "https://github.com/python/cpython/issues/98433", + "https://github.com/python/cpython/pull/99092", + "https://github.com/python/cpython/pull/99230 (3.9-branch)", + "https://github.com/python/cpython/pull/99231 (3.8-branch)", + "https://linux.oracle.com/cve/CVE-2022-45061.html", + "https://linux.oracle.com/errata/ELSA-2023-2860.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-45061", + "https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html", + "https://security.gentoo.org/glsa/202305-02", + "https://security.netapp.com/advisory/ntap-20221209-0007/", + "https://ubuntu.com/security/notices/USN-5767-1", + "https://ubuntu.com/security/notices/USN-5767-2", + "https://ubuntu.com/security/notices/USN-5888-1", + "https://www.cve.org/CVERecord?id=CVE-2022-45061" + ], + "PublishedDate": "2022-11-09T07:15:00Z", + "LastModifiedDate": "2023-06-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3177", + "PkgID": "libpython3.6-minimal@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6-minimal", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.4", + "Layer": { + 
"DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3177", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c", + "Description": "Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-3177", + "https://bugs.python.org/issue42938", + "https://bugzilla.redhat.com/show_bug.cgi?id=1868006", + "https://bugzilla.redhat.com/show_bug.cgi?id=1883014", + "https://bugzilla.redhat.com/show_bug.cgi?id=1886755", + "https://bugzilla.redhat.com/show_bug.cgi?id=1901633", + "https://bugzilla.redhat.com/show_bug.cgi?id=1918168", + "https://bugzilla.redhat.com/show_bug.cgi?id=1920596", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26116", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27783", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177", + "https://errata.almalinux.org/8/ALSA-2021-1879.html", + "https://errata.rockylinux.org/RLSA-2021:1879", + "https://github.com/python/cpython/pull/24239", + "https://linux.oracle.com/cve/CVE-2021-3177.html", + "https://linux.oracle.com/errata/ELSA-2022-5235.html", + 
"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html", + "https://lists.debian.org/debian-lts-announce/2022/02/msg00013.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRHOCQYX3QLDGDQGTWQAUUT2GGIZCZUO/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCFZMVRQUKCBQIG5F2CBVADK63NFSE4A/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPE7SMXYUIWPOIZV4DQYXODRXMFX3C5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MGSV6BJQLRQ6RKVUXK7JGU7TP4QFGQXC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQPARTLNSFQVMMQHPNBFOCOZOO3TMQNA/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXSMBHES3ANXXS2RSO5G6Q24BR4B2PWK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6XJAULOS5JVB2L67NCKKMJ5NTKZJBSD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4KSYYWMGAKOA2JVCQA422OINT6CKQ7O/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDTZVGSXQ7HR7OCGSUHTRNTMBG43OMKU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7GZV74KM72O2PEJN2C4XP3V5Q5MZUOO/", + "https://news.ycombinator.com/item?id=26185005", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3177", + "https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html", + "https://security.gentoo.org/glsa/202101-18", + "https://security.netapp.com/advisory/ntap-20210226-0003/", + "https://ubuntu.com/security/notices/USN-4754-1", + "https://ubuntu.com/security/notices/USN-4754-2 (regression in python2.7)", + "https://ubuntu.com/security/notices/USN-4754-3", + "https://ubuntu.com/security/notices/USN-4754-4", + "https://ubuntu.com/security/notices/USN-4754-5", + "https://www.cve.org/CVERecord?id=CVE-2021-3177", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpujul2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-01-19T06:15:00Z", + "LastModifiedDate": "2023-05-24T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3733", + "PkgID": "libpython3.6-minimal@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6-minimal", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.6", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3733", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "python: urllib: Regular expression DoS in AbstractBasicAuthHandler", + "Description": "There's a flaw in urllib's AbstractBasicAuthHandler class. 
An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-3733", + "https://bugs.python.org/issue43075", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995234", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-14-final", + "https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-11-final", + "https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-10-final", + "https://docs.python.org/3.9/whatsnew/changelog.html#python-3-9-5-final", + "https://errata.almalinux.org/8/ALSA-2022-1821.html", + "https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14)", + "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb", + "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1 (master)", + "https://github.com/python/cpython/commit/a21d4fbd549ec9685068a113660553d7f80d9b09 (3.9.5)", + "https://github.com/python/cpython/commit/ada14995870abddc277addf57dd690a2af04c2da (3.7.11)", + "https://github.com/python/cpython/commit/e7654b6046090914a8323931ed759a94a5f85d60 (3.8.10)", + "https://github.com/python/cpython/pull/24391", + "https://linux.oracle.com/cve/CVE-2021-3733.html", + "https://linux.oracle.com/errata/ELSA-2022-1821.html", + 
"https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3733", + "https://security.netapp.com/advisory/ntap-20220407-0001/", + "https://ubuntu.com/security/CVE-2021-3733", + "https://ubuntu.com/security/notices/USN-5083-1", + "https://ubuntu.com/security/notices/USN-5199-1", + "https://ubuntu.com/security/notices/USN-5200-1", + "https://www.cve.org/CVERecord?id=CVE-2021-3733" + ], + "PublishedDate": "2022-03-10T17:42:00Z", + "LastModifiedDate": "2023-06-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3737", + "PkgID": "libpython3.6-minimal@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6-minimal", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.6", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3737", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "HTTP client possible infinite loop on a 100 Continue response", + "Description": "A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. 
The highest threat from this vulnerability is to system availability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400", + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-3737", + "https://bugs.python.org/issue44022", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995162", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995234", + "https://bugzilla.redhat.com/show_bug.cgi?id=2006792", + "https://bugzilla.redhat.com/show_bug.cgi?id=2032569", + "https://bugzilla.redhat.com/show_bug.cgi?id=2036020", + "https://bugzilla.redhat.com/show_bug.cgi?id=2047376", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43818", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391", + "https://errata.almalinux.org/8/ALSA-2022-1986.html", + "https://errata.rockylinux.org/RLSA-2022:1821", + "https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b (3.8 branch)", + "https://github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63 (v3.7.11)", + "https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 (v3.6.14", + "https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 (v3.9.6)", + "https://github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92 (v3.10.0b2)", + "https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 (v3.10.0b3)", + "https://github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 (v3.9.6)", + 
"https://github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae (v3.8.11)", + "https://github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 (v3.6.14)", + "https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 (v3.7.11)", + "https://github.com/python/cpython/pull/25916", + "https://github.com/python/cpython/pull/26503", + "https://linux.oracle.com/cve/CVE-2021-3737.html", + "https://linux.oracle.com/errata/ELSA-2022-1986.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3737", + "https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html", + "https://security.netapp.com/advisory/ntap-20220407-0009/", + "https://ubuntu.com/security/CVE-2021-3737", + "https://ubuntu.com/security/notices/USN-5083-1", + "https://ubuntu.com/security/notices/USN-5199-1", + "https://ubuntu.com/security/notices/USN-5200-1", + "https://ubuntu.com/security/notices/USN-5201-1", + "https://www.cve.org/CVERecord?id=CVE-2021-3737", + "https://www.oracle.com/security-alerts/cpujul2022.html" + ], + "PublishedDate": "2022-03-04T19:15:00Z", + "LastModifiedDate": "2023-06-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-4189", + "PkgID": "libpython3.6-minimal@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6-minimal", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.7", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-4189", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "ftplib should not use the host from the PASV response", + "Description": "A flaw was found in Python, specifically in the FTP (File 
Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-252" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-4189", + "https://bugs.python.org/issue43285", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995162", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995234", + "https://bugzilla.redhat.com/show_bug.cgi?id=2006792", + "https://bugzilla.redhat.com/show_bug.cgi?id=2032569", + "https://bugzilla.redhat.com/show_bug.cgi?id=2036020", + "https://bugzilla.redhat.com/show_bug.cgi?id=2047376", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43818", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391", + "https://errata.almalinux.org/8/ALSA-2022-1986.html", + "https://errata.rockylinux.org/RLSA-2022:1821", + "https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e", + "https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master)", + "https://github.com/python/cpython/commit/4134f154ae2f621f25c5d698cc0f1748035a1b88 (v3.6.14)", + "https://github.com/python/cpython/commit/79373951b3eab585d42e0f0ab83718cbe1d0ee33 (v3.7.11)", + 
"https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 (v3.9.3)", + "https://linux.oracle.com/cve/CVE-2021-4189.html", + "https://linux.oracle.com/errata/ELSA-2022-1986.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-4189", + "https://python-security.readthedocs.io/vuln/ftplib-pasv.html", + "https://security-tracker.debian.org/tracker/CVE-2021-4189", + "https://security.netapp.com/advisory/ntap-20221104-0004/", + "https://ubuntu.com/security/notices/USN-5342-1", + "https://ubuntu.com/security/notices/USN-5342-2", + "https://www.cve.org/CVERecord?id=CVE-2021-4189" + ], + "PublishedDate": "2022-08-24T16:15:00Z", + "LastModifiedDate": "2023-06-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-0391", + "PkgID": "libpython3.6-minimal@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6-minimal", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.7", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0391", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "urllib.parse does not sanitize URLs containing ASCII newline and tabs", + "Description": "A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. 
This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-74" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:6457", + "https://access.redhat.com/security/cve/CVE-2022-0391", + "https://bugs.python.org/issue43882", + "https://bugzilla.redhat.com/2047376", + "https://bugzilla.redhat.com/2075390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391", + "https://errata.almalinux.org/8/ALSA-2022-6457.html", + "https://linux.oracle.com/cve/CVE-2022-0391.html", + "https://linux.oracle.com/errata/ELSA-2023-3550.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0391", + "https://security.gentoo.org/glsa/202305-02", + "https://security.netapp.com/advisory/ntap-20220225-0009/", + "https://ubuntu.com/security/notices/USN-5342-1", + "https://ubuntu.com/security/notices/USN-5342-2", + "https://www.cve.org/CVERecord?id=CVE-2022-0391", + "https://www.oracle.com/security-alerts/cpuapr2022.html" + ], + "PublishedDate": "2022-02-09T23:15:00Z", + "LastModifiedDate": "2023-05-03T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-37454", + "PkgID": "libpython3.6-minimal@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6-minimal", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.10", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": 
"ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-37454", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "buffer overflow in the SHA-3 reference implementation", + "Description": "The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2417", + "https://access.redhat.com/security/cve/CVE-2022-37454", + "https://bugzilla.redhat.com/2133687", + "https://bugzilla.redhat.com/2133688", + "https://bugzilla.redhat.com/2139280", + "https://bugzilla.redhat.com/2140200", + "https://bugzilla.redhat.com/2158791", + "https://bugzilla.redhat.com/show_bug.cgi?id=2133687", + "https://bugzilla.redhat.com/show_bug.cgi?id=2133688", + "https://bugzilla.redhat.com/show_bug.cgi?id=2139280", + "https://bugzilla.redhat.com/show_bug.cgi?id=2140200", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158791", + "https://csrc.nist.gov/projects/hash-functions/sha-3-project", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454", + "https://eprint.iacr.org/2023/331", + 
"https://errata.almalinux.org/9/ALSA-2023-2417.html", + "https://errata.rockylinux.org/RLSA-2023:0965", + "https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a", + "https://github.com/XKCP/XKCP/issues/105", + "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658", + "https://github.com/advisories/GHSA-6w4m-2xhg-2658", + "https://github.com/johanns/sha3/commit/5f2e8118a62831911703c8753ff2435c3b5d7312", + "https://github.com/johanns/sha3/issues/17", + "https://github.com/php/php-src/commit/248f647724e385bfb8d83aa5b5a5ca3c4ee2c7fd", + "https://github.com/python/cpython/commit/0e4e058602d93b88256ff90bbef501ba20be9dd3 (3.10-branch)", + "https://github.com/python/cpython/commit/8088c90044ba04cd5624b278340ebf934dbee4a5 (3.7-branch)", + "https://github.com/python/cpython/commit/857efee6d2d43c5c12fc7e377ce437144c728ab8 (3.9-branch)", + "https://github.com/python/cpython/commit/948c6794711458fd148a3fa62296cadeeb2ed631 (3.8-branch)", + "https://github.com/python/cpython/issues/98517", + "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sha3/CVE-2022-37454.yml", + "https://github.com/tiran/pysha3/issues/29", + "https://linux.oracle.com/cve/CVE-2022-37454.html", + "https://linux.oracle.com/errata/ELSA-2023-2903.html", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html", + "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", + "https://mouha.be/sha-3-buffer-overflow/", + "https://news.ycombinator.com/item?id=33281106", + "https://news.ycombinator.com/item?id=35050307", + "https://nvd.nist.gov/vuln/detail/CVE-2022-37454", + "https://security.gentoo.org/glsa/202305-02", + "https://ubuntu.com/security/notices/USN-5717-1", + "https://ubuntu.com/security/notices/USN-5767-1", + "https://ubuntu.com/security/notices/USN-5767-3", + "https://ubuntu.com/security/notices/USN-5888-1", + "https://ubuntu.com/security/notices/USN-5930-1", + "https://ubuntu.com/security/notices/USN-5931-1", + "https://www.cve.org/CVERecord?id=CVE-2022-37454", + "https://www.debian.org/security/2022/dsa-5267", + "https://www.debian.org/security/2022/dsa-5269" + ], + "PublishedDate": "2022-10-21T06:15:00Z", + "LastModifiedDate": "2023-05-03T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-45061", + "PkgID": "libpython3.6-minimal@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6-minimal", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-45061", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "CPU denial of service via inefficient IDNA decoder", + "Description": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. 
Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0953", + "https://access.redhat.com/security/cve/CVE-2022-45061", + "https://bugzilla.redhat.com/2144072", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144072", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061", + "https://errata.almalinux.org/9/ALSA-2023-0953.html", + "https://errata.rockylinux.org/RLSA-2023:0953", + "https://github.com/python/cpython/issues/98433", + "https://github.com/python/cpython/pull/99092", + "https://github.com/python/cpython/pull/99230 (3.9-branch)", + "https://github.com/python/cpython/pull/99231 (3.8-branch)", + "https://linux.oracle.com/cve/CVE-2022-45061.html", + "https://linux.oracle.com/errata/ELSA-2023-2860.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-45061", + "https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html", + "https://security.gentoo.org/glsa/202305-02", + "https://security.netapp.com/advisory/ntap-20221209-0007/", + "https://ubuntu.com/security/notices/USN-5767-1", + "https://ubuntu.com/security/notices/USN-5767-2", + "https://ubuntu.com/security/notices/USN-5888-1", + "https://www.cve.org/CVERecord?id=CVE-2022-45061" + ], + "PublishedDate": "2022-11-09T07:15:00Z", + "LastModifiedDate": "2023-06-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3177", + "PkgID": "libpython3.6-stdlib@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6-stdlib", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.4", + "Layer": { + 
"DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3177", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c", + "Description": "Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-3177", + "https://bugs.python.org/issue42938", + "https://bugzilla.redhat.com/show_bug.cgi?id=1868006", + "https://bugzilla.redhat.com/show_bug.cgi?id=1883014", + "https://bugzilla.redhat.com/show_bug.cgi?id=1886755", + "https://bugzilla.redhat.com/show_bug.cgi?id=1901633", + "https://bugzilla.redhat.com/show_bug.cgi?id=1918168", + "https://bugzilla.redhat.com/show_bug.cgi?id=1920596", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26116", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27783", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177", + "https://errata.almalinux.org/8/ALSA-2021-1879.html", + "https://errata.rockylinux.org/RLSA-2021:1879", + "https://github.com/python/cpython/pull/24239", + "https://linux.oracle.com/cve/CVE-2021-3177.html", + "https://linux.oracle.com/errata/ELSA-2022-5235.html", + 
"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html", + "https://lists.debian.org/debian-lts-announce/2022/02/msg00013.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRHOCQYX3QLDGDQGTWQAUUT2GGIZCZUO/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCFZMVRQUKCBQIG5F2CBVADK63NFSE4A/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPE7SMXYUIWPOIZV4DQYXODRXMFX3C5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MGSV6BJQLRQ6RKVUXK7JGU7TP4QFGQXC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQPARTLNSFQVMMQHPNBFOCOZOO3TMQNA/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXSMBHES3ANXXS2RSO5G6Q24BR4B2PWK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6XJAULOS5JVB2L67NCKKMJ5NTKZJBSD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4KSYYWMGAKOA2JVCQA422OINT6CKQ7O/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDTZVGSXQ7HR7OCGSUHTRNTMBG43OMKU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7GZV74KM72O2PEJN2C4XP3V5Q5MZUOO/", + "https://news.ycombinator.com/item?id=26185005", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3177", + "https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html", + "https://security.gentoo.org/glsa/202101-18", + "https://security.netapp.com/advisory/ntap-20210226-0003/", + "https://ubuntu.com/security/notices/USN-4754-1", + "https://ubuntu.com/security/notices/USN-4754-2 (regression in python2.7)", + "https://ubuntu.com/security/notices/USN-4754-3", + "https://ubuntu.com/security/notices/USN-4754-4", + "https://ubuntu.com/security/notices/USN-4754-5", + "https://www.cve.org/CVERecord?id=CVE-2021-3177", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpujul2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-01-19T06:15:00Z", + "LastModifiedDate": "2023-05-24T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3733", + "PkgID": "libpython3.6-stdlib@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6-stdlib", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.6", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3733", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "python: urllib: Regular expression DoS in AbstractBasicAuthHandler", + "Description": "There's a flaw in urllib's AbstractBasicAuthHandler class. 
An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-3733", + "https://bugs.python.org/issue43075", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995234", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-14-final", + "https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-11-final", + "https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-10-final", + "https://docs.python.org/3.9/whatsnew/changelog.html#python-3-9-5-final", + "https://errata.almalinux.org/8/ALSA-2022-1821.html", + "https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14)", + "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb", + "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1 (master)", + "https://github.com/python/cpython/commit/a21d4fbd549ec9685068a113660553d7f80d9b09 (3.9.5)", + "https://github.com/python/cpython/commit/ada14995870abddc277addf57dd690a2af04c2da (3.7.11)", + "https://github.com/python/cpython/commit/e7654b6046090914a8323931ed759a94a5f85d60 (3.8.10)", + "https://github.com/python/cpython/pull/24391", + "https://linux.oracle.com/cve/CVE-2021-3733.html", + "https://linux.oracle.com/errata/ELSA-2022-1821.html", + 
"https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3733", + "https://security.netapp.com/advisory/ntap-20220407-0001/", + "https://ubuntu.com/security/CVE-2021-3733", + "https://ubuntu.com/security/notices/USN-5083-1", + "https://ubuntu.com/security/notices/USN-5199-1", + "https://ubuntu.com/security/notices/USN-5200-1", + "https://www.cve.org/CVERecord?id=CVE-2021-3733" + ], + "PublishedDate": "2022-03-10T17:42:00Z", + "LastModifiedDate": "2023-06-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3737", + "PkgID": "libpython3.6-stdlib@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6-stdlib", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.6", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3737", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "HTTP client possible infinite loop on a 100 Continue response", + "Description": "A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. 
The highest threat from this vulnerability is to system availability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400", + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-3737", + "https://bugs.python.org/issue44022", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995162", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995234", + "https://bugzilla.redhat.com/show_bug.cgi?id=2006792", + "https://bugzilla.redhat.com/show_bug.cgi?id=2032569", + "https://bugzilla.redhat.com/show_bug.cgi?id=2036020", + "https://bugzilla.redhat.com/show_bug.cgi?id=2047376", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43818", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391", + "https://errata.almalinux.org/8/ALSA-2022-1986.html", + "https://errata.rockylinux.org/RLSA-2022:1821", + "https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b (3.8 branch)", + "https://github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63 (v3.7.11)", + "https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 (v3.6.14", + "https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 (v3.9.6)", + "https://github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92 (v3.10.0b2)", + "https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 (v3.10.0b3)", + "https://github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 (v3.9.6)", + 
"https://github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae (v3.8.11)", + "https://github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 (v3.6.14)", + "https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 (v3.7.11)", + "https://github.com/python/cpython/pull/25916", + "https://github.com/python/cpython/pull/26503", + "https://linux.oracle.com/cve/CVE-2021-3737.html", + "https://linux.oracle.com/errata/ELSA-2022-1986.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3737", + "https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html", + "https://security.netapp.com/advisory/ntap-20220407-0009/", + "https://ubuntu.com/security/CVE-2021-3737", + "https://ubuntu.com/security/notices/USN-5083-1", + "https://ubuntu.com/security/notices/USN-5199-1", + "https://ubuntu.com/security/notices/USN-5200-1", + "https://ubuntu.com/security/notices/USN-5201-1", + "https://www.cve.org/CVERecord?id=CVE-2021-3737", + "https://www.oracle.com/security-alerts/cpujul2022.html" + ], + "PublishedDate": "2022-03-04T19:15:00Z", + "LastModifiedDate": "2023-06-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-4189", + "PkgID": "libpython3.6-stdlib@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6-stdlib", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.7", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-4189", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "ftplib should not use the host from the PASV response", + "Description": "A flaw was found in Python, specifically in the FTP (File 
Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-252" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-4189", + "https://bugs.python.org/issue43285", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995162", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995234", + "https://bugzilla.redhat.com/show_bug.cgi?id=2006792", + "https://bugzilla.redhat.com/show_bug.cgi?id=2032569", + "https://bugzilla.redhat.com/show_bug.cgi?id=2036020", + "https://bugzilla.redhat.com/show_bug.cgi?id=2047376", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43818", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391", + "https://errata.almalinux.org/8/ALSA-2022-1986.html", + "https://errata.rockylinux.org/RLSA-2022:1821", + "https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e", + "https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master)", + "https://github.com/python/cpython/commit/4134f154ae2f621f25c5d698cc0f1748035a1b88 (v3.6.14)", + "https://github.com/python/cpython/commit/79373951b3eab585d42e0f0ab83718cbe1d0ee33 (v3.7.11)", + 
"https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 (v3.9.3)", + "https://linux.oracle.com/cve/CVE-2021-4189.html", + "https://linux.oracle.com/errata/ELSA-2022-1986.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-4189", + "https://python-security.readthedocs.io/vuln/ftplib-pasv.html", + "https://security-tracker.debian.org/tracker/CVE-2021-4189", + "https://security.netapp.com/advisory/ntap-20221104-0004/", + "https://ubuntu.com/security/notices/USN-5342-1", + "https://ubuntu.com/security/notices/USN-5342-2", + "https://www.cve.org/CVERecord?id=CVE-2021-4189" + ], + "PublishedDate": "2022-08-24T16:15:00Z", + "LastModifiedDate": "2023-06-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-0391", + "PkgID": "libpython3.6-stdlib@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6-stdlib", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.7", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0391", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "urllib.parse does not sanitize URLs containing ASCII newline and tabs", + "Description": "A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. 
This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-74" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:6457", + "https://access.redhat.com/security/cve/CVE-2022-0391", + "https://bugs.python.org/issue43882", + "https://bugzilla.redhat.com/2047376", + "https://bugzilla.redhat.com/2075390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391", + "https://errata.almalinux.org/8/ALSA-2022-6457.html", + "https://linux.oracle.com/cve/CVE-2022-0391.html", + "https://linux.oracle.com/errata/ELSA-2023-3550.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0391", + "https://security.gentoo.org/glsa/202305-02", + "https://security.netapp.com/advisory/ntap-20220225-0009/", + "https://ubuntu.com/security/notices/USN-5342-1", + "https://ubuntu.com/security/notices/USN-5342-2", + "https://www.cve.org/CVERecord?id=CVE-2022-0391", + "https://www.oracle.com/security-alerts/cpuapr2022.html" + ], + "PublishedDate": "2022-02-09T23:15:00Z", + "LastModifiedDate": "2023-05-03T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-37454", + "PkgID": "libpython3.6-stdlib@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6-stdlib", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.10", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": 
"ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-37454", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "buffer overflow in the SHA-3 reference implementation", + "Description": "The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2417", + "https://access.redhat.com/security/cve/CVE-2022-37454", + "https://bugzilla.redhat.com/2133687", + "https://bugzilla.redhat.com/2133688", + "https://bugzilla.redhat.com/2139280", + "https://bugzilla.redhat.com/2140200", + "https://bugzilla.redhat.com/2158791", + "https://bugzilla.redhat.com/show_bug.cgi?id=2133687", + "https://bugzilla.redhat.com/show_bug.cgi?id=2133688", + "https://bugzilla.redhat.com/show_bug.cgi?id=2139280", + "https://bugzilla.redhat.com/show_bug.cgi?id=2140200", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158791", + "https://csrc.nist.gov/projects/hash-functions/sha-3-project", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454", + "https://eprint.iacr.org/2023/331", + 
"https://errata.almalinux.org/9/ALSA-2023-2417.html", + "https://errata.rockylinux.org/RLSA-2023:0965", + "https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a", + "https://github.com/XKCP/XKCP/issues/105", + "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658", + "https://github.com/advisories/GHSA-6w4m-2xhg-2658", + "https://github.com/johanns/sha3/commit/5f2e8118a62831911703c8753ff2435c3b5d7312", + "https://github.com/johanns/sha3/issues/17", + "https://github.com/php/php-src/commit/248f647724e385bfb8d83aa5b5a5ca3c4ee2c7fd", + "https://github.com/python/cpython/commit/0e4e058602d93b88256ff90bbef501ba20be9dd3 (3.10-branch)", + "https://github.com/python/cpython/commit/8088c90044ba04cd5624b278340ebf934dbee4a5 (3.7-branch)", + "https://github.com/python/cpython/commit/857efee6d2d43c5c12fc7e377ce437144c728ab8 (3.9-branch)", + "https://github.com/python/cpython/commit/948c6794711458fd148a3fa62296cadeeb2ed631 (3.8-branch)", + "https://github.com/python/cpython/issues/98517", + "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sha3/CVE-2022-37454.yml", + "https://github.com/tiran/pysha3/issues/29", + "https://linux.oracle.com/cve/CVE-2022-37454.html", + "https://linux.oracle.com/errata/ELSA-2023-2903.html", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html", + "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", + "https://mouha.be/sha-3-buffer-overflow/", + "https://news.ycombinator.com/item?id=33281106", + "https://news.ycombinator.com/item?id=35050307", + "https://nvd.nist.gov/vuln/detail/CVE-2022-37454", + "https://security.gentoo.org/glsa/202305-02", + "https://ubuntu.com/security/notices/USN-5717-1", + "https://ubuntu.com/security/notices/USN-5767-1", + "https://ubuntu.com/security/notices/USN-5767-3", + "https://ubuntu.com/security/notices/USN-5888-1", + "https://ubuntu.com/security/notices/USN-5930-1", + "https://ubuntu.com/security/notices/USN-5931-1", + "https://www.cve.org/CVERecord?id=CVE-2022-37454", + "https://www.debian.org/security/2022/dsa-5267", + "https://www.debian.org/security/2022/dsa-5269" + ], + "PublishedDate": "2022-10-21T06:15:00Z", + "LastModifiedDate": "2023-05-03T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-45061", + "PkgID": "libpython3.6-stdlib@3.6.9-1~18.04ubuntu1.3", + "PkgName": "libpython3.6-stdlib", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-45061", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "CPU denial of service via inefficient IDNA decoder", + "Description": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. 
Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0953", + "https://access.redhat.com/security/cve/CVE-2022-45061", + "https://bugzilla.redhat.com/2144072", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144072", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061", + "https://errata.almalinux.org/9/ALSA-2023-0953.html", + "https://errata.rockylinux.org/RLSA-2023:0953", + "https://github.com/python/cpython/issues/98433", + "https://github.com/python/cpython/pull/99092", + "https://github.com/python/cpython/pull/99230 (3.9-branch)", + "https://github.com/python/cpython/pull/99231 (3.8-branch)", + "https://linux.oracle.com/cve/CVE-2022-45061.html", + "https://linux.oracle.com/errata/ELSA-2023-2860.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-45061", + "https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html", + "https://security.gentoo.org/glsa/202305-02", + "https://security.netapp.com/advisory/ntap-20221209-0007/", + "https://ubuntu.com/security/notices/USN-5767-1", + "https://ubuntu.com/security/notices/USN-5767-2", + "https://ubuntu.com/security/notices/USN-5888-1", + "https://www.cve.org/CVERecord?id=CVE-2022-45061" + ], + "PublishedDate": "2022-11-09T07:15:00Z", + "LastModifiedDate": "2023-06-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16860", + "PkgID": "libroken18-heimdal@7.5.0+dfsg-1", + "PkgName": "libroken18-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.1", + "Layer": { + "DiffID": 
"sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16860", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "samba: S4U2Self with unkeyed checksum", + "Description": "A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-358" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html", + "http://seclists.org/fulldisclosure/2019/Aug/11", + "http://seclists.org/fulldisclosure/2019/Aug/13", + "http://seclists.org/fulldisclosure/2019/Aug/14", + "http://seclists.org/fulldisclosure/2019/Aug/15", + "https://access.redhat.com/security/cve/CVE-2018-16860", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16860", + "https://nvd.nist.gov/vuln/detail/CVE-2018-16860", + "https://seclists.org/bugtraq/2019/Aug/21", + "https://seclists.org/bugtraq/2019/Aug/22", + "https://seclists.org/bugtraq/2019/Aug/23", + "https://seclists.org/bugtraq/2019/Aug/25", + "https://security.gentoo.org/glsa/202003-52", + "https://support.apple.com/HT210346", + "https://support.apple.com/HT210348", + 
"https://support.apple.com/HT210351", + "https://support.apple.com/HT210353", + "https://ubuntu.com/security/notices/USN-3976-1", + "https://ubuntu.com/security/notices/USN-3976-2", + "https://ubuntu.com/security/notices/USN-5675-1", + "https://www.cve.org/CVERecord?id=CVE-2018-16860", + "https://www.samba.org/samba/security/CVE-2018-16860.html", + "https://www.synology.com/security/advisory/Synology_SA_19_23" + ], + "PublishedDate": "2019-07-31T15:15:00Z", + "LastModifiedDate": "2019-08-14T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-44758", + "PkgID": "libroken18-heimdal@7.5.0+dfsg-1", + "PkgName": "libroken18-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.3", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-44758", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ...", + "Description": "Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758", + "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580", + "https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv", + "https://nvd.nist.gov/vuln/detail/CVE-2021-44758", + "https://ubuntu.com/security/notices/USN-5800-1" + ], + "PublishedDate": "2022-12-26T05:15:00Z", + "LastModifiedDate": "2023-01-05T02:50:00Z" + }, + { + "VulnerabilityID": 
"CVE-2022-3116", + "PkgID": "libroken18-heimdal@7.5.0+dfsg-1", + "PkgName": "libroken18-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.1", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3116", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Description": "The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3116", + "https://kb.cert.org/vuls/id/730793", + "https://security.netapp.com/advisory/ntap-20230505-0010/", + "https://ubuntu.com/security/notices/USN-5675-1", + "https://www.kb.cert.org/vuls/id/730793" + ], + "PublishedDate": "2023-03-27T22:15:00Z", + "LastModifiedDate": "2023-05-05T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-3437", + "PkgID": "libroken18-heimdal@7.5.0+dfsg-1", + "PkgName": "libroken18-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.3", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3437", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal", + "Description": "A heap-based buffer overflow vulnerability was found in Samba 
within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787", + "CWE-122" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/02/08/1", + "https://access.redhat.com/security/cve/CVE-2022-3437", + "https://bugzilla.redhat.com/show_bug.cgi?id=2137774", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437", + "https://github.com/heimdal/heimdal/security/advisories/GHSA-45j3-5v39-rf9j", + "https://nvd.nist.gov/vuln/detail/CVE-2022-3437", + "https://security.netapp.com/advisory/ntap-20230216-0008/", + "https://ubuntu.com/security/notices/USN-5800-1", + "https://ubuntu.com/security/notices/USN-5822-1", + "https://ubuntu.com/security/notices/USN-5822-2", + "https://ubuntu.com/security/notices/USN-5936-1", + "https://www.cve.org/CVERecord?id=CVE-2022-3437", + "https://www.samba.org/samba/security/CVE-2022-3437.html" + ], + "PublishedDate": "2023-01-12T15:15:00Z", + "LastModifiedDate": "2023-02-16T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41916", + "PkgID": "libroken18-heimdal@7.5.0+dfsg-1", + "PkgName": "libroken18-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.2", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41916", + "DataSource": { + "ID": 
"ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ...", + "Description": "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-193" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916", + "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx", + "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41916", + "https://security.netapp.com/advisory/ntap-20230216-0008/", + "https://ubuntu.com/security/notices/USN-5766-1", + "https://www.debian.org/security/2022/dsa-5287" + ], + "PublishedDate": "2022-11-15T23:15:00Z", + "LastModifiedDate": "2023-02-16T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-42898", + "PkgID": "libroken18-heimdal@7.5.0+dfsg-1", + "PkgName": "libroken18-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.3", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-42898", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "integer overflow vulnerabilities in PAC parsing", + "Description": "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 
and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8637", + "https://access.redhat.com/security/cve/CVE-2022-42898", + "https://bugzilla.redhat.com/2140960", + "https://bugzilla.redhat.com/show_bug.cgi?id=2140960", + "https://bugzilla.samba.org/show_bug.cgi?id=15203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898", + "https://errata.almalinux.org/9/ALSA-2022-8637.html", + "https://errata.rockylinux.org/RLSA-2022:8637", + "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c", + "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583", + "https://linux.oracle.com/cve/CVE-2022-42898.html", + "https://linux.oracle.com/errata/ELSA-2023-12104.html", + "https://mailman.mit.edu/pipermail/krbdev/2022-November/013576.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-42898", + "https://security.netapp.com/advisory/ntap-20230216-0008/", + "https://security.netapp.com/advisory/ntap-20230223-0001/", + "https://ubuntu.com/security/notices/USN-5800-1", + "https://ubuntu.com/security/notices/USN-5822-1", + "https://ubuntu.com/security/notices/USN-5822-2", + "https://ubuntu.com/security/notices/USN-5828-1", + "https://ubuntu.com/security/notices/USN-5936-1", + "https://web.mit.edu/kerberos/advisories/", + "https://web.mit.edu/kerberos/krb5-1.19/", + 
"https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt", + "https://www.cve.org/CVERecord?id=CVE-2022-42898", + "https://www.samba.org/samba/security/CVE-2022-42898.html" + ], + "PublishedDate": "2022-12-25T06:15:00Z", + "LastModifiedDate": "2023-02-23T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-44640", + "PkgID": "libroken18-heimdal@7.5.0+dfsg-1", + "PkgName": "libroken18-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.3", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-44640", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ...", + "Description": "Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640", + "https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4", + "https://nvd.nist.gov/vuln/detail/CVE-2022-44640", + "https://security.netapp.com/advisory/ntap-20230216-0008/", + "https://ubuntu.com/security/notices/USN-5800-1" + ], + "PublishedDate": "2022-12-25T05:15:00Z", + "LastModifiedDate": "2023-05-16T11:03:00Z" + }, + { + "VulnerabilityID": "CVE-2022-45142", + "PkgID": "libroken18-heimdal@7.5.0+dfsg-1", + "PkgName": "libroken18-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.4", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2022-45142", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "samba: CVE-2022-3437 fix introduced a logic inversion", + "Description": "The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding \"!= 0\" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-354" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-45142", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45142", + "https://nvd.nist.gov/vuln/detail/CVE-2022-45142", + "https://ubuntu.com/security/notices/USN-5849-1", + "https://www.cve.org/CVERecord?id=CVE-2022-45142", + "https://www.openwall.com/lists/oss-security/2023/02/08/1" + ], + "PublishedDate": "2023-03-06T23:15:00Z", + "LastModifiedDate": "2023-03-13T18:02:00Z" + }, + { + "VulnerabilityID": "CVE-2022-24407", + "PkgID": "libsasl2-2@2.1.27~101-g0780600+dfsg-3ubuntu2.1", + "PkgName": "libsasl2-2", + "InstalledVersion": "2.1.27~101-g0780600+dfsg-3ubuntu2.1", + "FixedVersion": "2.1.27~101-g0780600+dfsg-3ubuntu2.4", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-24407", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands", + "Description": "In Cyrus 
SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-89" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.5, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2022/02/23/4", + "https://access.redhat.com/security/cve/CVE-2022-24407", + "https://bugzilla.redhat.com/show_bug.cgi?id=2055326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407", + "https://errata.almalinux.org/8/ALSA-2022-0658.html", + "https://errata.rockylinux.org/RLSA-2022:0658", + "https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst", + "https://linux.oracle.com/cve/CVE-2022-24407.html", + "https://linux.oracle.com/errata/ELSA-2022-9239.html", + "https://lists.debian.org/debian-lts-announce/2022/03/msg00002.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FIXU75Q6RBNK6UYM7MQ3TCFGXR7AX4U/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZC6BMPI3V3MC2IGNLN377ETUWO7QBIH/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-24407", + "https://security.netapp.com/advisory/ntap-20221007-0003/", + "https://ubuntu.com/security/notices/USN-5301-1", + "https://ubuntu.com/security/notices/USN-5301-2", + "https://www.cve.org/CVERecord?id=CVE-2022-24407", + "https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28", + "https://www.debian.org/security/2022/dsa-5087", + "https://www.oracle.com/security-alerts/cpujul2022.html" + 
], + "PublishedDate": "2022-02-24T15:15:00Z", + "LastModifiedDate": "2022-11-07T17:28:00Z" + }, + { + "VulnerabilityID": "CVE-2022-24407", + "PkgID": "libsasl2-modules-db@2.1.27~101-g0780600+dfsg-3ubuntu2.1", + "PkgName": "libsasl2-modules-db", + "InstalledVersion": "2.1.27~101-g0780600+dfsg-3ubuntu2.1", + "FixedVersion": "2.1.27~101-g0780600+dfsg-3ubuntu2.4", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-24407", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands", + "Description": "In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-89" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6.5, + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2022/02/23/4", + "https://access.redhat.com/security/cve/CVE-2022-24407", + "https://bugzilla.redhat.com/show_bug.cgi?id=2055326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407", + "https://errata.almalinux.org/8/ALSA-2022-0658.html", + "https://errata.rockylinux.org/RLSA-2022:0658", + "https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst", + "https://linux.oracle.com/cve/CVE-2022-24407.html", + "https://linux.oracle.com/errata/ELSA-2022-9239.html", + "https://lists.debian.org/debian-lts-announce/2022/03/msg00002.html", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FIXU75Q6RBNK6UYM7MQ3TCFGXR7AX4U/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZC6BMPI3V3MC2IGNLN377ETUWO7QBIH/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-24407", + "https://security.netapp.com/advisory/ntap-20221007-0003/", + "https://ubuntu.com/security/notices/USN-5301-1", + "https://ubuntu.com/security/notices/USN-5301-2", + "https://www.cve.org/CVERecord?id=CVE-2022-24407", + "https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28", + "https://www.debian.org/security/2022/dsa-5087", + "https://www.oracle.com/security-alerts/cpujul2022.html" + ], + "PublishedDate": "2022-02-24T15:15:00Z", + "LastModifiedDate": "2022-11-07T17:28:00Z" + }, + { + "VulnerabilityID": "CVE-2020-35525", + "PkgID": "libsqlite3-0@3.22.0-1ubuntu0.4", + "PkgName": "libsqlite3-0", + "InstalledVersion": "3.22.0-1ubuntu0.4", + "FixedVersion": "3.22.0-1ubuntu0.6", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-35525", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Null pointer derreference in src/select.c", + "Description": "In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:7108", 
+ "https://access.redhat.com/security/cve/CVE-2020-35525", + "https://bugzilla.redhat.com/2122324", + "https://bugzilla.redhat.com/2122329", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122324", + "https://bugzilla.redhat.com/show_bug.cgi?id=2122329", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35525", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35527", + "https://errata.almalinux.org/8/ALSA-2022-7108.html", + "https://errata.rockylinux.org/RLSA-2022:7108", + "https://linux.oracle.com/cve/CVE-2020-35525.html", + "https://linux.oracle.com/errata/ELSA-2022-7108.html", + "https://nvd.nist.gov/vuln/detail/CVE-2020-35525", + "https://security.netapp.com/advisory/ntap-20230706-0007/", + "https://ubuntu.com/security/notices/USN-5615-1", + "https://ubuntu.com/security/notices/USN-5615-2", + "https://www.cve.org/CVERecord?id=CVE-2020-35525", + "https://www.sqlite.org/src/info/a67cf5b7d37d5b14" + ], + "PublishedDate": "2022-09-01T18:15:00Z", + "LastModifiedDate": "2023-07-06T19:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-35737", + "PkgID": "libsqlite3-0@3.22.0-1ubuntu0.4", + "PkgName": "libsqlite3-0", + "InstalledVersion": "3.22.0-1ubuntu0.4", + "FixedVersion": "3.22.0-1ubuntu0.7", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-35737", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "an array-bounds overflow if billions of bytes are used in a string argument to a C API", + "Description": "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-129" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + 
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0339", + "https://access.redhat.com/security/cve/CVE-2022-35737", + "https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/", + "https://bugzilla.redhat.com/2110291", + "https://bugzilla.redhat.com/show_bug.cgi?id=2110291", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35737", + "https://errata.almalinux.org/9/ALSA-2023-0339.html", + "https://errata.rockylinux.org/RLSA-2023:0339", + "https://github.com/advisories/GHSA-jw36-hf63-69r9", + "https://kb.cert.org/vuls/id/720344", + "https://linux.oracle.com/cve/CVE-2022-35737.html", + "https://linux.oracle.com/errata/ELSA-2023-0339.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-35737", + "https://rustsec.org/advisories/RUSTSEC-2022-0090.html", + "https://security.gentoo.org/glsa/202210-40", + "https://security.netapp.com/advisory/ntap-20220915-0009/", + "https://sqlite.org/releaselog/3_39_2.html", + "https://ubuntu.com/security/notices/USN-5712-1", + "https://ubuntu.com/security/notices/USN-5716-1", + "https://ubuntu.com/security/notices/USN-5716-2", + "https://www.cve.org/CVERecord?id=CVE-2022-35737", + "https://www.sqlite.org/cves.html", + "https://www.sqlite.org/releaselog/3_39_2.html" + ], + "PublishedDate": "2022-08-03T06:15:00Z", + "LastModifiedDate": "2022-11-16T20:01:00Z" + }, + { + "VulnerabilityID": "CVE-2022-1304", + "PkgID": "libss2@1.44.1-1ubuntu1.3", + "PkgName": "libss2", + "InstalledVersion": "1.44.1-1ubuntu1.3", + "FixedVersion": "1.44.1-1ubuntu1.4", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1304", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + 
"URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "e2fsprogs: out-of-bounds read/write via crafted filesystem", + "Description": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8361", + "https://access.redhat.com/security/cve/CVE-2022-1304", + "https://bugzilla.redhat.com/2069726", + "https://bugzilla.redhat.com/show_bug.cgi?id=2069726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1304", + "https://errata.almalinux.org/9/ALSA-2022-8361.html", + "https://errata.rockylinux.org/RLSA-2022:8361", + "https://linux.oracle.com/cve/CVE-2022-1304.html", + "https://linux.oracle.com/errata/ELSA-2022-8361.html", + "https://marc.info/?l=linux-ext4&m=165056234501732&w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2022-1304", + "https://ubuntu.com/security/notices/USN-5464-1", + "https://www.cve.org/CVERecord?id=CVE-2022-1304" + ], + "PublishedDate": "2022-04-14T21:15:00Z", + "LastModifiedDate": "2023-02-12T22:15:00Z" + }, + { + "VulnerabilityID": "CVE-2020-1971", + "PkgID": "libssl1.1@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.7", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1971", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": 
"https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openssl: EDIPARTYNAME NULL pointer de-reference", + "Description": "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. 
Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2021/09/14/2", + "https://access.redhat.com/security/cve/CVE-2020-1971", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920", + "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676", + "https://linux.oracle.com/cve/CVE-2020-1971.html", + "https://linux.oracle.com/errata/ELSA-2021-9150.html", + "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c@%3Cdev.tomcat.apache.org%3E", + "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143@%3Ccommits.pulsar.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html", + "https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/", + "https://nvd.nist.gov/vuln/detail/CVE-2020-1971", + "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc", + "https://security.gentoo.org/glsa/202012-13", + 
"https://security.netapp.com/advisory/ntap-20201218-0005/", + "https://security.netapp.com/advisory/ntap-20210513-0002/", + "https://ubuntu.com/security/notices/USN-4662-1", + "https://ubuntu.com/security/notices/USN-4745-1", + "https://www.cve.org/CVERecord?id=CVE-2020-1971", + "https://www.debian.org/security/2020/dsa-4807", + "https://www.openssl.org/news/secadv/20201208.txt", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://www.oracle.com/security-alerts/cpuApr2021.html", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujan2021.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html", + "https://www.tenable.com/security/tns-2020-11", + "https://www.tenable.com/security/tns-2021-09", + "https://www.tenable.com/security/tns-2021-10" + ], + "PublishedDate": "2020-12-08T16:15:00Z", + "LastModifiedDate": "2022-08-29T20:27:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3449", + "PkgID": "libssl1.1@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3449", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openssl: NULL pointer dereference in signature_algorithms processing", + "Description": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. 
A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2021/03/27/1", + "http://www.openwall.com/lists/oss-security/2021/03/27/2", + "http://www.openwall.com/lists/oss-security/2021/03/28/3", + "http://www.openwall.com/lists/oss-security/2021/03/28/4", + "https://access.redhat.com/security/cve/CVE-2021-3449", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148", + "https://github.com/advisories/GHSA-83mx-573x-5rw9", + "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10356", + "https://linux.oracle.com/cve/CVE-2021-3449.html", + "https://linux.oracle.com/errata/ELSA-2021-9151.html", + "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3449", + 
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013", + "https://rustsec.org/advisories/RUSTSEC-2021-0055", + "https://rustsec.org/advisories/RUSTSEC-2021-0055.html", + "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc", + "https://security.gentoo.org/glsa/202103-03", + "https://security.netapp.com/advisory/ntap-20210326-0006/", + "https://security.netapp.com/advisory/ntap-20210513-0002/", + "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd", + "https://ubuntu.com/security/notices/USN-4891-1", + "https://ubuntu.com/security/notices/USN-5038-1", + "https://www.cve.org/CVERecord?id=CVE-2021-3449", + "https://www.debian.org/security/2021/dsa-4875", + "https://www.openssl.org/news/secadv/20210325.txt", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://www.oracle.com/security-alerts/cpuApr2021.html", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujul2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html", + "https://www.tenable.com/security/tns-2021-05", + "https://www.tenable.com/security/tns-2021-06", + "https://www.tenable.com/security/tns-2021-09", + "https://www.tenable.com/security/tns-2021-10" + ], + "PublishedDate": "2021-03-25T15:15:00Z", + "LastModifiedDate": "2022-08-29T20:27:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3711", + "PkgID": "libssl1.1@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.13", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3711", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openssl: SM2 Decryption Buffer Overflow", + "Description": 
"In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. 
Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2021/08/26/2", + "https://access.redhat.com/security/cve/CVE-2021-3711", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46", + "https://github.com/advisories/GHSA-5ww6-px42-wc85", + "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E", + "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3711", + "https://rustsec.org/advisories/RUSTSEC-2021-0097.html", + "https://security.gentoo.org/glsa/202209-02", + "https://security.gentoo.org/glsa/202210-02", + "https://security.netapp.com/advisory/ntap-20210827-0010/", + "https://security.netapp.com/advisory/ntap-20211022-0003/", + "https://ubuntu.com/security/notices/USN-5051-1", + "https://www.cve.org/CVERecord?id=CVE-2021-3711", + "https://www.debian.org/security/2021/dsa-4963", + "https://www.openssl.org/news/secadv/20210824.txt", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html", + "https://www.tenable.com/security/tns-2021-16", + "https://www.tenable.com/security/tns-2022-02" + ], + 
"PublishedDate": "2021-08-24T15:15:00Z", + "LastModifiedDate": "2022-12-06T21:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-0778", + "PkgID": "libssl1.1@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.15", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0778", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Infinite loop in BN_mod_sqrt() reachable when parsing certificates", + "Description": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. 
In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html", + "http://seclists.org/fulldisclosure/2022/May/33", + "http://seclists.org/fulldisclosure/2022/May/35", + "http://seclists.org/fulldisclosure/2022/May/38", + "https://access.redhat.com/errata/RHSA-2022:5326", + "https://access.redhat.com/security/cve/CVE-2022-0778", + "https://bugzilla.redhat.com/2062202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2062202", + "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778", + "https://errata.almalinux.org/8/ALSA-2022-5326.html", + "https://errata.rockylinux.org/RLSA-2022:4899", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65", + 
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246", + "https://github.com/advisories/GHSA-x3mh-jvjw-3xwx", + "https://linux.oracle.com/cve/CVE-2022-0778.html", + "https://linux.oracle.com/errata/ELSA-2022-9272.html", + "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html", + "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0778", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002", + "https://rustsec.org/advisories/RUSTSEC-2022-0014.html", + "https://security.gentoo.org/glsa/202210-02", + "https://security.netapp.com/advisory/ntap-20220321-0002/", + "https://security.netapp.com/advisory/ntap-20220429-0005/", + "https://support.apple.com/kb/HT213255", + "https://support.apple.com/kb/HT213256", + "https://support.apple.com/kb/HT213257", + "https://ubuntu.com/security/notices/USN-5328-1", + "https://ubuntu.com/security/notices/USN-5328-2", + "https://www.cve.org/CVERecord?id=CVE-2022-0778", + "https://www.debian.org/security/2022/dsa-5103", + "https://www.openssl.org/news/secadv/20220315.txt", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujul2022.html", + "https://www.tenable.com/security/tns-2022-06", + "https://www.tenable.com/security/tns-2022-07", + "https://www.tenable.com/security/tns-2022-08", + "https://www.tenable.com/security/tns-2022-09" + ], + 
"PublishedDate": "2022-03-15T17:15:00Z", + "LastModifiedDate": "2022-11-09T20:43:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0286", + "PkgID": "libssl1.1@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.21", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0286", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "X.400 address type confusion in X.509 GeneralName", + "Description": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. 
As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-843" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2023-0286", + "https://access.redhat.com/security/cve/cve-2023-0286", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt", + "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d", + "https://github.com/advisories/GHSA-x4qr-2fvf-3mr5", + "https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5", + "https://linux.oracle.com/cve/CVE-2023-0286.html", + "https://linux.oracle.com/errata/ELSA-2023-2932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", + "https://rustsec.org/advisories/RUSTSEC-2023-0006.html", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-5845-1", + "https://ubuntu.com/security/notices/USN-5845-2", + "https://www.cve.org/CVERecord?id=CVE-2023-0286", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:00Z", + "LastModifiedDate": "2023-07-19T00:54:00Z" + }, + { + "VulnerabilityID": "CVE-2021-23841", + "PkgID": "libssl1.1@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + 
"FixedVersion": "1.1.1-1ubuntu2.1~18.04.8", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-23841", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openssl: NULL pointer dereference in X509_issuer_and_serial_hash()", + "Description": "The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). 
Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2021/May/67", + "http://seclists.org/fulldisclosure/2021/May/68", + "http://seclists.org/fulldisclosure/2021/May/70", + "https://access.redhat.com/security/cve/CVE-2021-23841", + "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23841", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2", + "https://github.com/advisories/GHSA-84rm-qf37-fgc2", + "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846", + "https://linux.oracle.com/cve/CVE-2021-23841.html", + "https://linux.oracle.com/errata/ELSA-2021-9561.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-23841", + "https://rustsec.org/advisories/RUSTSEC-2021-0058", + "https://rustsec.org/advisories/RUSTSEC-2021-0058.html", + "https://security.gentoo.org/glsa/202103-03", + "https://security.netapp.com/advisory/ntap-20210219-0009/", + "https://security.netapp.com/advisory/ntap-20210513-0002/", + "https://support.apple.com/kb/HT212528", + "https://support.apple.com/kb/HT212529", + "https://support.apple.com/kb/HT212534", + 
"https://ubuntu.com/security/notices/USN-4738-1", + "https://ubuntu.com/security/notices/USN-4745-1", + "https://www.cve.org/CVERecord?id=CVE-2021-23841", + "https://www.debian.org/security/2021/dsa-4855", + "https://www.openssl.org/news/secadv/20210216.txt", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://www.oracle.com/security-alerts/cpuApr2021.html", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html", + "https://www.tenable.com/security/tns-2021-03", + "https://www.tenable.com/security/tns-2021-09" + ], + "PublishedDate": "2021-02-16T17:15:00Z", + "LastModifiedDate": "2023-01-09T16:41:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3712", + "PkgID": "libssl1.1@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.13", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3712", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openssl: Read buffer overruns processing ASN.1 strings", + "Description": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. 
However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). 
Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 5.8, + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2021/08/26/2", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3712.json", + "https://access.redhat.com/security/cve/CVE-2021-3712", + "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12", + "https://github.com/advisories/GHSA-q9wj-f4qw-6vfj", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10366", + "https://linux.oracle.com/cve/CVE-2021-3712.html", + "https://linux.oracle.com/errata/ELSA-2022-9023.html", + "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E", + "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html", + "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3712", + "https://rustsec.org/advisories/RUSTSEC-2021-0098.html", + "https://security.gentoo.org/glsa/202209-02", + "https://security.gentoo.org/glsa/202210-02", + 
"https://security.netapp.com/advisory/ntap-20210827-0010/", + "https://ubuntu.com/security/notices/USN-5051-1", + "https://ubuntu.com/security/notices/USN-5051-2", + "https://ubuntu.com/security/notices/USN-5051-3", + "https://ubuntu.com/security/notices/USN-5051-4 (regression only in trusty/esm)", + "https://ubuntu.com/security/notices/USN-5088-1", + "https://www.cve.org/CVERecord?id=CVE-2021-3712", + "https://www.debian.org/security/2021/dsa-4963", + "https://www.openssl.org/news/secadv/20210824.txt", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html", + "https://www.tenable.com/security/tns-2021-16", + "https://www.tenable.com/security/tns-2022-02" + ], + "PublishedDate": "2021-08-24T15:15:00Z", + "LastModifiedDate": "2022-12-06T21:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-1292", + "PkgID": "libssl1.1@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.17", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1292", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "c_rehash script allows command injection", + "Description": "The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). 
Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-78" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:6224", + "https://access.redhat.com/security/cve/CVE-2022-1292", + "https://bugzilla.redhat.com/2081494", + "https://bugzilla.redhat.com/2087911", + "https://bugzilla.redhat.com/2087913", + "https://bugzilla.redhat.com/2097310", + "https://bugzilla.redhat.com/2104905", + "https://bugzilla.redhat.com/show_bug.cgi?id=2081494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2097310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2100554", + "https://bugzilla.redhat.com/show_bug.cgi?id=2104905", + "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", + "https://errata.almalinux.org/9/ALSA-2022-6224.html", + "https://errata.rockylinux.org/RLSA-2022:5818", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23", + "https://linux.oracle.com/cve/CVE-2022-1292.html", + "https://linux.oracle.com/errata/ELSA-2022-9751.html", + "https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/", + "https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-1292", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011", + "https://security.gentoo.org/glsa/202210-02", + "https://security.netapp.com/advisory/ntap-20220602-0009/", + "https://security.netapp.com/advisory/ntap-20220729-0004/", + "https://ubuntu.com/security/notices/USN-5402-1", + "https://ubuntu.com/security/notices/USN-5402-2", + "https://www.cve.org/CVERecord?id=CVE-2022-1292", + "https://www.debian.org/security/2022/dsa-5139", + "https://www.openssl.org/news/secadv/20220503.txt", + "https://www.oracle.com/security-alerts/cpujul2022.html" + ], + "PublishedDate": "2022-05-03T16:15:00Z", + "LastModifiedDate": "2023-02-14T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2068", + "PkgID": "libssl1.1@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.19", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2068", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "the c_rehash script allows command injection", + "Description": "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. 
This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-78" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:6224", + "https://access.redhat.com/security/cve/CVE-2022-2068", + "https://bugzilla.redhat.com/2081494", + "https://bugzilla.redhat.com/2087911", + "https://bugzilla.redhat.com/2087913", + "https://bugzilla.redhat.com/2097310", + "https://bugzilla.redhat.com/2104905", + "https://bugzilla.redhat.com/show_bug.cgi?id=2081494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2097310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2100554", + "https://bugzilla.redhat.com/show_bug.cgi?id=2104905", + "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", + "https://errata.almalinux.org/9/ALSA-2022-6224.html", + "https://errata.rockylinux.org/RLSA-2022:5818", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9", + 
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7", + "https://linux.oracle.com/cve/CVE-2022-2068.html", + "https://linux.oracle.com/errata/ELSA-2022-9751.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2068", + "https://security.netapp.com/advisory/ntap-20220707-0008/", + "https://ubuntu.com/security/notices/USN-5488-1", + "https://ubuntu.com/security/notices/USN-5488-2", + "https://www.cve.org/CVERecord?id=CVE-2022-2068", + "https://www.debian.org/security/2022/dsa-5169", + "https://www.openssl.org/news/secadv/20220621.txt" + ], + "PublishedDate": "2022-06-21T15:15:00Z", + "LastModifiedDate": "2023-03-01T16:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2097", + "PkgID": "libssl1.1@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.20", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2097", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "AES OCB fails to encrypt some bytes", + "Description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. 
Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-326" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:6224", + "https://access.redhat.com/security/cve/CVE-2022-2097", + "https://bugzilla.redhat.com/2081494", + "https://bugzilla.redhat.com/2087911", + "https://bugzilla.redhat.com/2087913", + "https://bugzilla.redhat.com/2097310", + "https://bugzilla.redhat.com/2104905", + "https://bugzilla.redhat.com/show_bug.cgi?id=2081494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2097310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2100554", + "https://bugzilla.redhat.com/show_bug.cgi?id=2104905", + "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", + "https://errata.almalinux.org/9/ALSA-2022-6224.html", + "https://errata.rockylinux.org/RLSA-2022:5818", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93", + "https://github.com/advisories/GHSA-3wx7-46ch-7rq2", + "https://linux.oracle.com/cve/CVE-2022-2097.html", + "https://linux.oracle.com/errata/ELSA-2022-9751.html", + 
"https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2097", + "https://rustsec.org/advisories/RUSTSEC-2022-0032.html", + "https://security.gentoo.org/glsa/202210-02", + "https://security.netapp.com/advisory/ntap-20220715-0011/", + "https://security.netapp.com/advisory/ntap-20230420-0008/", + "https://ubuntu.com/security/notices/USN-5502-1", + "https://www.cve.org/CVERecord?id=CVE-2022-2097", + "https://www.debian.org/security/2023/dsa-5343", + "https://www.openssl.org/news/secadv/20220705.txt" + ], + "PublishedDate": "2022-07-05T11:15:00Z", + "LastModifiedDate": "2023-04-20T09:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-4304", + "PkgID": "libssl1.1@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.21", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4304", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "timing attack in RSA Decryption implementation", + "Description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. 
The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.", + "Severity": "MEDIUM", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2022-4304", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + 
"https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://github.com/advisories/GHSA-p52g-cm5j-mjv4", + "https://linux.oracle.com/cve/CVE-2022-4304.html", + "https://linux.oracle.com/errata/ELSA-2023-2932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", + "https://rustsec.org/advisories/RUSTSEC-2023-0007.html", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4304", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:00Z", + "LastModifiedDate": "2023-07-19T00:57:00Z" + }, + { + "VulnerabilityID": "CVE-2022-4450", + "PkgID": "libssl1.1@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.21", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4450", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": 
"https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "double free after calling PEM_read_bio_ex", + "Description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. 
The OpenSSL asn1parse command line application is also impacted by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2022-4450", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b", + "https://github.com/advisories/GHSA-v5w6-wcm8-jm4q", + "https://linux.oracle.com/cve/CVE-2022-4450.html", + "https://linux.oracle.com/errata/ELSA-2023-2932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", + "https://rustsec.org/advisories/RUSTSEC-2023-0010.html", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4450", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:00Z", + "LastModifiedDate": "2023-07-19T00:57:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0215", + "PkgID": "libssl1.1@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.21", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0215", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free following BIO_new_NDEF", + "Description": "The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. 
It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.\n\n\n\n", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2023-0215", + "https://bugzilla.redhat.com/1960321", + 
"https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd", + 
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344", + "https://github.com/advisories/GHSA-r7jw-wp68-3xch", + "https://linux.oracle.com/cve/CVE-2023-0215.html", + "https://linux.oracle.com/errata/ELSA-2023-2932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", + "https://rustsec.org/advisories/RUSTSEC-2023-0009.html", + "https://security.netapp.com/advisory/ntap-20230427-0007/", + "https://security.netapp.com/advisory/ntap-20230427-0009/", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-5845-1", + "https://ubuntu.com/security/notices/USN-5845-2", + "https://www.cve.org/CVERecord?id=CVE-2023-0215", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:00Z", + "LastModifiedDate": "2023-07-19T00:55:00Z" + }, + { + "VulnerabilityID": "CVE-2023-2650", + "PkgID": "libssl1.1@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.23", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Possible DoS translating ASN.1 object identifiers", + "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn 
OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. 
This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/05/30/1", + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-2650", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", + "https://linux.oracle.com/cve/CVE-2023-2650.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", + "https://security.netapp.com/advisory/ntap-20230703-0001/", + "https://ubuntu.com/security/notices/USN-6119-1", + "https://ubuntu.com/security/notices/USN-6188-1", + "https://www.cve.org/CVERecord?id=CVE-2023-2650", + 
"https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230530.txt" + ], + "PublishedDate": "2023-05-30T14:15:00Z", + "LastModifiedDate": "2023-07-03T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-33910", + "PkgID": "libsystemd0@237-3ubuntu10.43", + "PkgName": "libsystemd0", + "InstalledVersion": "237-3ubuntu10.43", + "FixedVersion": "237-3ubuntu10.49", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-33910", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash", + "Description": "basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html", + "http://www.openwall.com/lists/oss-security/2021/08/04/2", + "http://www.openwall.com/lists/oss-security/2021/08/17/3", + "http://www.openwall.com/lists/oss-security/2021/09/07/3", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33910.json", + "https://access.redhat.com/security/cve/CVE-2021-33910", + "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33910", + 
"https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b", + "https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce", + "https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538", + "https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61", + "https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b", + "https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9", + "https://linux.oracle.com/cve/CVE-2021-33910.html", + "https://linux.oracle.com/errata/ELSA-2021-2717.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-33910", + "https://security.gentoo.org/glsa/202107-48", + "https://security.netapp.com/advisory/ntap-20211104-0008/", + "https://ubuntu.com/security/notices/USN-5013-1", + "https://ubuntu.com/security/notices/USN-5013-2", + "https://www.cve.org/CVERecord?id=CVE-2021-33910", + "https://www.debian.org/security/2021/dsa-4942", + "https://www.openwall.com/lists/oss-security/2021/07/20/2", + "https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt" + ], + "PublishedDate": "2021-07-20T19:15:00Z", + "LastModifiedDate": "2022-06-14T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2526", + "PkgID": "libsystemd0@237-3ubuntu10.43", + "PkgName": "libsystemd0", + "InstalledVersion": "237-3ubuntu10.43", + "FixedVersion": "237-3ubuntu10.56", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2526", + "DataSource": { + "ID": "ubuntu", + "Name": 
"Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c", + "Description": "A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:6206", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2526.json", + "https://access.redhat.com/security/cve/CVE-2022-2526", + "https://bugzilla.redhat.com/2109926", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2526", + "https://errata.almalinux.org/8/ALSA-2022-6206.html", + "https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c", + "https://linux.oracle.com/cve/CVE-2022-2526.html", + "https://linux.oracle.com/errata/ELSA-2022-6206.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2526", + "https://security.netapp.com/advisory/ntap-20221111-0005/", + "https://ubuntu.com/security/notices/USN-5583-1", + "https://ubuntu.com/security/notices/USN-5583-2", + "https://www.cve.org/CVERecord?id=CVE-2022-2526" + ], + "PublishedDate": "2022-09-09T15:15:00Z", + "LastModifiedDate": "2023-01-20T03:17:00Z" + }, + { + "VulnerabilityID": "CVE-2022-3821", + "PkgID": "libsystemd0@237-3ubuntu10.43", + "PkgName": "libsystemd0", + "InstalledVersion": "237-3ubuntu10.43", + "FixedVersion": "237-3ubuntu10.57", + "Layer": { + 
"DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3821", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "buffer overrun in format_timespan() function", + "Description": "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-193" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0336", + "https://access.redhat.com/security/cve/CVE-2022-3821", + "https://bugzilla.redhat.com/2139327", + "https://bugzilla.redhat.com/show_bug.cgi?id=2139327", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3821", + "https://errata.almalinux.org/9/ALSA-2023-0336.html", + "https://errata.rockylinux.org/RLSA-2023:0336", + "https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e", + "https://github.com/systemd/systemd/issues/23928", + "https://github.com/systemd/systemd/pull/23933", + "https://linux.oracle.com/cve/CVE-2022-3821.html", + "https://linux.oracle.com/errata/ELSA-2023-0336.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00036.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-3821", + "https://security.gentoo.org/glsa/202305-15", + "https://ubuntu.com/security/notices/USN-5928-1", + 
"https://www.cve.org/CVERecord?id=CVE-2022-3821" + ], + "PublishedDate": "2022-11-08T22:15:00Z", + "LastModifiedDate": "2023-06-29T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-29491", + "PkgID": "libtinfo5@6.1-1ubuntu1.18.04", + "PkgName": "libtinfo5", + "InstalledVersion": "6.1-1ubuntu1.18.04", + "FixedVersion": "6.1-1ubuntu1.18.04.1", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Local users can trigger security-relevant memory corruption via malformed data", + "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://www.openwall.com/lists/oss-security/2023/04/19/10", + "http://www.openwall.com/lists/oss-security/2023/04/19/11", + "https://access.redhat.com/security/cve/CVE-2023-29491", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29491", + "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", + "https://security.netapp.com/advisory/ntap-20230517-0009/", + "https://ubuntu.com/security/notices/USN-6099-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29491", + 
"https://www.openwall.com/lists/oss-security/2023/04/12/5", + "https://www.openwall.com/lists/oss-security/2023/04/13/4" + ], + "PublishedDate": "2023-04-14T01:15:00Z", + "LastModifiedDate": "2023-05-17T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-33910", + "PkgID": "libudev1@237-3ubuntu10.43", + "PkgName": "libudev1", + "InstalledVersion": "237-3ubuntu10.43", + "FixedVersion": "237-3ubuntu10.49", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-33910", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash", + "Description": "basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.9, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html", + "http://www.openwall.com/lists/oss-security/2021/08/04/2", + "http://www.openwall.com/lists/oss-security/2021/08/17/3", + "http://www.openwall.com/lists/oss-security/2021/09/07/3", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33910.json", + "https://access.redhat.com/security/cve/CVE-2021-33910", + "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33910", + "https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b", + "https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce", + "https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538", + "https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61", + "https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b", + "https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9", + "https://linux.oracle.com/cve/CVE-2021-33910.html", + "https://linux.oracle.com/errata/ELSA-2021-2717.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-33910", + "https://security.gentoo.org/glsa/202107-48", + "https://security.netapp.com/advisory/ntap-20211104-0008/", + "https://ubuntu.com/security/notices/USN-5013-1", + "https://ubuntu.com/security/notices/USN-5013-2", + "https://www.cve.org/CVERecord?id=CVE-2021-33910", + "https://www.debian.org/security/2021/dsa-4942", + "https://www.openwall.com/lists/oss-security/2021/07/20/2", + "https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt" + ], + "PublishedDate": "2021-07-20T19:15:00Z", + "LastModifiedDate": "2022-06-14T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2526", + "PkgID": "libudev1@237-3ubuntu10.43", + "PkgName": "libudev1", + "InstalledVersion": "237-3ubuntu10.43", + "FixedVersion": "237-3ubuntu10.56", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2022-2526", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c", + "Description": "A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:6206", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2526.json", + "https://access.redhat.com/security/cve/CVE-2022-2526", + "https://bugzilla.redhat.com/2109926", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2526", + "https://errata.almalinux.org/8/ALSA-2022-6206.html", + "https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c", + "https://linux.oracle.com/cve/CVE-2022-2526.html", + "https://linux.oracle.com/errata/ELSA-2022-6206.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2526", + "https://security.netapp.com/advisory/ntap-20221111-0005/", + "https://ubuntu.com/security/notices/USN-5583-1", + "https://ubuntu.com/security/notices/USN-5583-2", + "https://www.cve.org/CVERecord?id=CVE-2022-2526" + ], + "PublishedDate": "2022-09-09T15:15:00Z", + "LastModifiedDate": "2023-01-20T03:17:00Z" + }, + { + "VulnerabilityID": "CVE-2022-3821", + "PkgID": "libudev1@237-3ubuntu10.43", + "PkgName": "libudev1", + 
"InstalledVersion": "237-3ubuntu10.43", + "FixedVersion": "237-3ubuntu10.57", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3821", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "buffer overrun in format_timespan() function", + "Description": "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-193" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0336", + "https://access.redhat.com/security/cve/CVE-2022-3821", + "https://bugzilla.redhat.com/2139327", + "https://bugzilla.redhat.com/show_bug.cgi?id=2139327", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3821", + "https://errata.almalinux.org/9/ALSA-2023-0336.html", + "https://errata.rockylinux.org/RLSA-2023:0336", + "https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e", + "https://github.com/systemd/systemd/issues/23928", + "https://github.com/systemd/systemd/pull/23933", + "https://linux.oracle.com/cve/CVE-2022-3821.html", + "https://linux.oracle.com/errata/ELSA-2023-0336.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00036.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-3821", + "https://security.gentoo.org/glsa/202305-15", + 
"https://ubuntu.com/security/notices/USN-5928-1", + "https://www.cve.org/CVERecord?id=CVE-2022-3821" + ], + "PublishedDate": "2022-11-08T22:15:00Z", + "LastModifiedDate": "2023-06-29T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2018-16860", + "PkgID": "libwind0-heimdal@7.5.0+dfsg-1", + "PkgName": "libwind0-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.1", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-16860", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "samba: S4U2Self with unkeyed checksum", + "Description": "A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept the request to the KDC and replace the user name (principal) in the request with any desired user name (principal) that exists in the KDC effectively obtaining a ticket for that principal.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-358" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P", + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 6, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00026.html", + "http://seclists.org/fulldisclosure/2019/Aug/11", + "http://seclists.org/fulldisclosure/2019/Aug/13", + "http://seclists.org/fulldisclosure/2019/Aug/14", + "http://seclists.org/fulldisclosure/2019/Aug/15", + "https://access.redhat.com/security/cve/CVE-2018-16860", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16860", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16860", + "https://nvd.nist.gov/vuln/detail/CVE-2018-16860", + "https://seclists.org/bugtraq/2019/Aug/21", + "https://seclists.org/bugtraq/2019/Aug/22", + "https://seclists.org/bugtraq/2019/Aug/23", + "https://seclists.org/bugtraq/2019/Aug/25", + "https://security.gentoo.org/glsa/202003-52", + "https://support.apple.com/HT210346", + "https://support.apple.com/HT210348", + "https://support.apple.com/HT210351", + "https://support.apple.com/HT210353", + "https://ubuntu.com/security/notices/USN-3976-1", + "https://ubuntu.com/security/notices/USN-3976-2", + "https://ubuntu.com/security/notices/USN-5675-1", + "https://www.cve.org/CVERecord?id=CVE-2018-16860", + "https://www.samba.org/samba/security/CVE-2018-16860.html", + "https://www.synology.com/security/advisory/Synology_SA_19_23" + ], + "PublishedDate": "2019-07-31T15:15:00Z", + "LastModifiedDate": "2019-08-14T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-44758", + "PkgID": "libwind0-heimdal@7.5.0+dfsg-1", + "PkgName": "libwind0-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.3", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-44758", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ...", + "Description": "Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758", + "https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580", + "https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv", + "https://nvd.nist.gov/vuln/detail/CVE-2021-44758", + "https://ubuntu.com/security/notices/USN-5800-1" + ], + "PublishedDate": "2022-12-26T05:15:00Z", + "LastModifiedDate": "2023-01-05T02:50:00Z" + }, + { + "VulnerabilityID": "CVE-2022-3116", + "PkgID": "libwind0-heimdal@7.5.0+dfsg-1", + "PkgName": "libwind0-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.1", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3116", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Description": "The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. 
An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3116", + "https://kb.cert.org/vuls/id/730793", + "https://security.netapp.com/advisory/ntap-20230505-0010/", + "https://ubuntu.com/security/notices/USN-5675-1", + "https://www.kb.cert.org/vuls/id/730793" + ], + "PublishedDate": "2023-03-27T22:15:00Z", + "LastModifiedDate": "2023-05-05T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-3437", + "PkgID": "libwind0-heimdal@7.5.0+dfsg-1", + "PkgName": "libwind0-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.3", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3437", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "samba: heap buffer overflow in GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal", + "Description": "A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. 
This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787", + "CWE-122" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/02/08/1", + "https://access.redhat.com/security/cve/CVE-2022-3437", + "https://bugzilla.redhat.com/show_bug.cgi?id=2137774", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437", + "https://github.com/heimdal/heimdal/security/advisories/GHSA-45j3-5v39-rf9j", + "https://nvd.nist.gov/vuln/detail/CVE-2022-3437", + "https://security.netapp.com/advisory/ntap-20230216-0008/", + "https://ubuntu.com/security/notices/USN-5800-1", + "https://ubuntu.com/security/notices/USN-5822-1", + "https://ubuntu.com/security/notices/USN-5822-2", + "https://ubuntu.com/security/notices/USN-5936-1", + "https://www.cve.org/CVERecord?id=CVE-2022-3437", + "https://www.samba.org/samba/security/CVE-2022-3437.html" + ], + "PublishedDate": "2023-01-12T15:15:00Z", + "LastModifiedDate": "2023-02-16T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-41916", + "PkgID": "libwind0-heimdal@7.5.0+dfsg-1", + "PkgName": "libwind0-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.2", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41916", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ...", + "Description": "Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. 
Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-193" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916", + "https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx", + "https://lists.debian.org/debian-lts-announce/2022/11/msg00034.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41916", + "https://security.netapp.com/advisory/ntap-20230216-0008/", + "https://ubuntu.com/security/notices/USN-5766-1", + "https://www.debian.org/security/2022/dsa-5287" + ], + "PublishedDate": "2022-11-15T23:15:00Z", + "LastModifiedDate": "2023-02-16T14:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-42898", + "PkgID": "libwind0-heimdal@7.5.0+dfsg-1", + "PkgName": "libwind0-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.3", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-42898", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "integer overflow vulnerabilities in PAC parsing", + "Description": "PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. 
This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has \"a similar bug.\"", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8637", + "https://access.redhat.com/security/cve/CVE-2022-42898", + "https://bugzilla.redhat.com/2140960", + "https://bugzilla.redhat.com/show_bug.cgi?id=2140960", + "https://bugzilla.samba.org/show_bug.cgi?id=15203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898", + "https://errata.almalinux.org/9/ALSA-2022-8637.html", + "https://errata.rockylinux.org/RLSA-2022:8637", + "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c", + "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583", + "https://linux.oracle.com/cve/CVE-2022-42898.html", + "https://linux.oracle.com/errata/ELSA-2023-12104.html", + "https://mailman.mit.edu/pipermail/krbdev/2022-November/013576.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-42898", + "https://security.netapp.com/advisory/ntap-20230216-0008/", + "https://security.netapp.com/advisory/ntap-20230223-0001/", + "https://ubuntu.com/security/notices/USN-5800-1", + "https://ubuntu.com/security/notices/USN-5822-1", + "https://ubuntu.com/security/notices/USN-5822-2", + "https://ubuntu.com/security/notices/USN-5828-1", + "https://ubuntu.com/security/notices/USN-5936-1", + "https://web.mit.edu/kerberos/advisories/", + "https://web.mit.edu/kerberos/krb5-1.19/", + "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt", + "https://www.cve.org/CVERecord?id=CVE-2022-42898", + "https://www.samba.org/samba/security/CVE-2022-42898.html" + ], + "PublishedDate": "2022-12-25T06:15:00Z", + "LastModifiedDate": "2023-02-23T19:15:00Z" + }, + { + "VulnerabilityID": 
"CVE-2022-44640", + "PkgID": "libwind0-heimdal@7.5.0+dfsg-1", + "PkgName": "libwind0-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.3", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-44640", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ...", + "Description": "Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).", + "Severity": "MEDIUM", + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640", + "https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4", + "https://nvd.nist.gov/vuln/detail/CVE-2022-44640", + "https://security.netapp.com/advisory/ntap-20230216-0008/", + "https://ubuntu.com/security/notices/USN-5800-1" + ], + "PublishedDate": "2022-12-25T05:15:00Z", + "LastModifiedDate": "2023-05-16T11:03:00Z" + }, + { + "VulnerabilityID": "CVE-2022-45142", + "PkgID": "libwind0-heimdal@7.5.0+dfsg-1", + "PkgName": "libwind0-heimdal", + "InstalledVersion": "7.5.0+dfsg-1", + "FixedVersion": "7.5.0+dfsg-1ubuntu0.4", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-45142", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "samba: CVE-2022-3437 fix introduced a logic inversion", + "Description": "The fix for CVE-2022-3437 included changing memcmp to 
be constant time and a workaround for a compiler bug by adding \"!= 0\" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-354" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-45142", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45142", + "https://nvd.nist.gov/vuln/detail/CVE-2022-45142", + "https://ubuntu.com/security/notices/USN-5849-1", + "https://www.cve.org/CVERecord?id=CVE-2022-45142", + "https://www.openwall.com/lists/oss-security/2023/02/08/1" + ], + "PublishedDate": "2023-03-06T23:15:00Z", + "LastModifiedDate": "2023-03-13T18:02:00Z" + }, + { + "VulnerabilityID": "CVE-2021-24031", + "PkgID": "libzstd1@1.3.3+dfsg-2ubuntu1.1", + "PkgName": "libzstd1", + "InstalledVersion": "1.3.3+dfsg-2ubuntu1.1", + "FixedVersion": "1.3.3+dfsg-2ubuntu1.2", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-24031", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "adds read permissions to files while being compressed or uncompressed", + "Description": "In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. 
Output files could therefore be readable or writable to unintended parties.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-276" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 2.1, + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-24031", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24031", + "https://github.com/facebook/zstd/issues/1630", + "https://nvd.nist.gov/vuln/detail/CVE-2021-24031", + "https://ubuntu.com/security/notices/USN-4760-1", + "https://ubuntu.com/security/notices/USN-5720-1", + "https://www.cve.org/CVERecord?id=CVE-2021-24031", + "https://www.facebook.com/security/advisories/cve-2021-24031" + ], + "PublishedDate": "2021-03-04T21:15:00Z", + "LastModifiedDate": "2021-04-14T15:28:00Z" + }, + { + "VulnerabilityID": "CVE-2021-24032", + "PkgID": "libzstd1@1.3.3+dfsg-2ubuntu1.1", + "PkgName": "libzstd1", + "InstalledVersion": "1.3.3+dfsg-2ubuntu1.1", + "FixedVersion": "1.3.3+dfsg-2ubuntu1.2", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-24032", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Race condition allows attacker to access world-readable destination file", + "Description": "Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. 
Output files could therefore momentarily be readable or writable to unintended parties.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-276" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V2Score": 1.9, + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-24032", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982519", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24032", + "https://github.com/facebook/zstd/issues/2491", + "https://nvd.nist.gov/vuln/detail/CVE-2021-24032", + "https://ubuntu.com/security/notices/USN-4760-1", + "https://ubuntu.com/security/notices/USN-5720-1", + "https://www.cve.org/CVERecord?id=CVE-2021-24032", + "https://www.facebook.com/security/advisories/cve-2021-24032" + ], + "PublishedDate": "2021-03-04T21:15:00Z", + "LastModifiedDate": "2021-04-28T20:04:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3999", + "PkgID": "multiarch-support@2.27-3ubuntu1.3", + "PkgName": "multiarch-support", + "InstalledVersion": "2.27-3ubuntu1.3", + "FixedVersion": "2.27-3ubuntu1.5", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3999", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Off-by-one buffer overflow/underflow in getcwd()", + "Description": "A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. 
A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-193" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3999.json", + "https://access.redhat.com/security/cve/CVE-2021-3999", + "https://bugzilla.redhat.com/show_bug.cgi?id=2024637", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3999", + "https://linux.oracle.com/cve/CVE-2021-3999.html", + "https://linux.oracle.com/errata/ELSA-2022-9234.html", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3999", + "https://security-tracker.debian.org/tracker/CVE-2021-3999", + "https://security.netapp.com/advisory/ntap-20221104-0001/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28769", + "https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e", + "https://ubuntu.com/security/notices/USN-5310-1", + "https://ubuntu.com/security/notices/USN-5310-2", + "https://www.cve.org/CVERecord?id=CVE-2021-3999", + "https://www.openwall.com/lists/oss-security/2022/01/24/4" + ], + "PublishedDate": "2022-08-24T16:15:00Z", + "LastModifiedDate": "2023-02-12T23:43:00Z" + }, + { + "VulnerabilityID": "CVE-2023-29491", + "PkgID": "ncurses-base@6.1-1ubuntu1.18.04", + "PkgName": "ncurses-base", + "InstalledVersion": "6.1-1ubuntu1.18.04", + "FixedVersion": "6.1-1ubuntu1.18.04.1", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", + "DataSource": { + 
"ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Local users can trigger security-relevant memory corruption via malformed data", + "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://www.openwall.com/lists/oss-security/2023/04/19/10", + "http://www.openwall.com/lists/oss-security/2023/04/19/11", + "https://access.redhat.com/security/cve/CVE-2023-29491", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29491", + "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", + "https://security.netapp.com/advisory/ntap-20230517-0009/", + "https://ubuntu.com/security/notices/USN-6099-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29491", + "https://www.openwall.com/lists/oss-security/2023/04/12/5", + "https://www.openwall.com/lists/oss-security/2023/04/13/4" + ], + "PublishedDate": "2023-04-14T01:15:00Z", + "LastModifiedDate": "2023-05-17T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-29491", + "PkgID": "ncurses-bin@6.1-1ubuntu1.18.04", + "PkgName": "ncurses-bin", + "InstalledVersion": "6.1-1ubuntu1.18.04", + "FixedVersion": "6.1-1ubuntu1.18.04.1", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2023-29491", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Local users can trigger security-relevant memory corruption via malformed data", + "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://www.openwall.com/lists/oss-security/2023/04/19/10", + "http://www.openwall.com/lists/oss-security/2023/04/19/11", + "https://access.redhat.com/security/cve/CVE-2023-29491", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29491", + "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", + "https://security.netapp.com/advisory/ntap-20230517-0009/", + "https://ubuntu.com/security/notices/USN-6099-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29491", + "https://www.openwall.com/lists/oss-security/2023/04/12/5", + "https://www.openwall.com/lists/oss-security/2023/04/13/4" + ], + "PublishedDate": "2023-04-14T01:15:00Z", + "LastModifiedDate": "2023-05-17T20:15:00Z" + }, + { + "VulnerabilityID": "CVE-2020-1971", + "PkgID": "openssl@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "openssl", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.7", + "Layer": { + "DiffID": 
"sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-1971", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openssl: EDIPARTYNAME NULL pointer de-reference", + "Description": "The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. 
However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2021/09/14/2", + "https://access.redhat.com/security/cve/CVE-2020-1971", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920", + "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676", + "https://linux.oracle.com/cve/CVE-2020-1971.html", + "https://linux.oracle.com/errata/ELSA-2021-9150.html", + "https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b750c@%3Cdev.tomcat.apache.org%3E", + "https://lists.apache.org/thread.html/rbb769f771711fb274e0a4acb1b5911c8aab544a6ac5e8c12d40c5143@%3Ccommits.pulsar.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2020/12/msg00020.html", + "https://lists.debian.org/debian-lts-announce/2020/12/msg00021.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DGSI34Y5LQ5RYXN4M2I5ZQT65LFVDOUU/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWPSSZNZOBJU2YR6Z4TGHXKYW3YP5QG7/", + "https://nvd.nist.gov/vuln/detail/CVE-2020-1971", + "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:33.openssl.asc", + "https://security.gentoo.org/glsa/202012-13", + "https://security.netapp.com/advisory/ntap-20201218-0005/", + "https://security.netapp.com/advisory/ntap-20210513-0002/", + "https://ubuntu.com/security/notices/USN-4662-1", + "https://ubuntu.com/security/notices/USN-4745-1", + "https://www.cve.org/CVERecord?id=CVE-2020-1971", + "https://www.debian.org/security/2020/dsa-4807", + "https://www.openssl.org/news/secadv/20201208.txt", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://www.oracle.com/security-alerts/cpuApr2021.html", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujan2021.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html", + "https://www.tenable.com/security/tns-2020-11", + "https://www.tenable.com/security/tns-2021-09", + "https://www.tenable.com/security/tns-2021-10" + ], + "PublishedDate": "2020-12-08T16:15:00Z", + "LastModifiedDate": "2022-08-29T20:27:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3449", + "PkgID": "openssl@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "openssl", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3449", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openssl: NULL pointer dereference in signature_algorithms processing", + "Description": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. 
If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2021/03/27/1", + "http://www.openwall.com/lists/oss-security/2021/03/27/2", + "http://www.openwall.com/lists/oss-security/2021/03/28/3", + "http://www.openwall.com/lists/oss-security/2021/03/28/4", + "https://access.redhat.com/security/cve/CVE-2021-3449", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148", + "https://github.com/advisories/GHSA-83mx-573x-5rw9", + "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10356", + "https://linux.oracle.com/cve/CVE-2021-3449.html", + 
"https://linux.oracle.com/errata/ELSA-2021-9151.html", + "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3449", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013", + "https://rustsec.org/advisories/RUSTSEC-2021-0055", + "https://rustsec.org/advisories/RUSTSEC-2021-0055.html", + "https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc", + "https://security.gentoo.org/glsa/202103-03", + "https://security.netapp.com/advisory/ntap-20210326-0006/", + "https://security.netapp.com/advisory/ntap-20210513-0002/", + "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd", + "https://ubuntu.com/security/notices/USN-4891-1", + "https://ubuntu.com/security/notices/USN-5038-1", + "https://www.cve.org/CVERecord?id=CVE-2021-3449", + "https://www.debian.org/security/2021/dsa-4875", + "https://www.openssl.org/news/secadv/20210325.txt", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://www.oracle.com/security-alerts/cpuApr2021.html", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujul2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html", + "https://www.tenable.com/security/tns-2021-05", + "https://www.tenable.com/security/tns-2021-06", + "https://www.tenable.com/security/tns-2021-09", + "https://www.tenable.com/security/tns-2021-10" + ], + "PublishedDate": "2021-03-25T15:15:00Z", + "LastModifiedDate": "2022-08-29T20:27:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3711", + "PkgID": "openssl@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "openssl", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.13", + "Layer": { + "DiffID": 
"sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3711", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openssl: SM2 Decryption Buffer Overflow", + "Description": "In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. 
Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2021/08/26/2", + "https://access.redhat.com/security/cve/CVE-2021-3711", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3711", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46", + "https://github.com/advisories/GHSA-5ww6-px42-wc85", + "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E", + "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3711", + "https://rustsec.org/advisories/RUSTSEC-2021-0097.html", + "https://security.gentoo.org/glsa/202209-02", + "https://security.gentoo.org/glsa/202210-02", + "https://security.netapp.com/advisory/ntap-20210827-0010/", + "https://security.netapp.com/advisory/ntap-20211022-0003/", + "https://ubuntu.com/security/notices/USN-5051-1", + "https://www.cve.org/CVERecord?id=CVE-2021-3711", + "https://www.debian.org/security/2021/dsa-4963", + "https://www.openssl.org/news/secadv/20210824.txt", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html", + "https://www.tenable.com/security/tns-2021-16", + "https://www.tenable.com/security/tns-2022-02" + ], + 
"PublishedDate": "2021-08-24T15:15:00Z", + "LastModifiedDate": "2022-12-06T21:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-0778", + "PkgID": "openssl@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "openssl", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.15", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0778", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Infinite loop in BN_mod_sqrt() reachable when parsing certificates", + "Description": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. 
In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html", + "http://seclists.org/fulldisclosure/2022/May/33", + "http://seclists.org/fulldisclosure/2022/May/35", + "http://seclists.org/fulldisclosure/2022/May/38", + "https://access.redhat.com/errata/RHSA-2022:5326", + "https://access.redhat.com/security/cve/CVE-2022-0778", + "https://bugzilla.redhat.com/2062202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2062202", + "https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778", + "https://errata.almalinux.org/8/ALSA-2022-5326.html", + "https://errata.rockylinux.org/RLSA-2022:4899", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65", + 
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246", + "https://github.com/advisories/GHSA-x3mh-jvjw-3xwx", + "https://linux.oracle.com/cve/CVE-2022-0778.html", + "https://linux.oracle.com/errata/ELSA-2022-9272.html", + "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html", + "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0778", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002", + "https://rustsec.org/advisories/RUSTSEC-2022-0014.html", + "https://security.gentoo.org/glsa/202210-02", + "https://security.netapp.com/advisory/ntap-20220321-0002/", + "https://security.netapp.com/advisory/ntap-20220429-0005/", + "https://support.apple.com/kb/HT213255", + "https://support.apple.com/kb/HT213256", + "https://support.apple.com/kb/HT213257", + "https://ubuntu.com/security/notices/USN-5328-1", + "https://ubuntu.com/security/notices/USN-5328-2", + "https://www.cve.org/CVERecord?id=CVE-2022-0778", + "https://www.debian.org/security/2022/dsa-5103", + "https://www.openssl.org/news/secadv/20220315.txt", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujul2022.html", + "https://www.tenable.com/security/tns-2022-06", + "https://www.tenable.com/security/tns-2022-07", + "https://www.tenable.com/security/tns-2022-08", + "https://www.tenable.com/security/tns-2022-09" + ], + 
"PublishedDate": "2022-03-15T17:15:00Z", + "LastModifiedDate": "2022-11-09T20:43:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0286", + "PkgID": "openssl@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "openssl", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.21", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0286", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "X.400 address type confusion in X.509 GeneralName", + "Description": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. 
As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-843" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2023-0286", + "https://access.redhat.com/security/cve/cve-2023-0286", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt", + "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d", + "https://github.com/advisories/GHSA-x4qr-2fvf-3mr5", + "https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5", + "https://linux.oracle.com/cve/CVE-2023-0286.html", + "https://linux.oracle.com/errata/ELSA-2023-2932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", + "https://rustsec.org/advisories/RUSTSEC-2023-0006.html", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-5845-1", + "https://ubuntu.com/security/notices/USN-5845-2", + "https://www.cve.org/CVERecord?id=CVE-2023-0286", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:00Z", + "LastModifiedDate": "2023-07-19T00:54:00Z" + }, + { + "VulnerabilityID": "CVE-2021-23841", + "PkgID": "openssl@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "openssl", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + 
"FixedVersion": "1.1.1-1ubuntu2.1~18.04.8", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-23841", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openssl: NULL pointer dereference in X509_issuer_and_serial_hash()", + "Description": "The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). 
Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4.3, + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2021/May/67", + "http://seclists.org/fulldisclosure/2021/May/68", + "http://seclists.org/fulldisclosure/2021/May/70", + "https://access.redhat.com/security/cve/CVE-2021-23841", + "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23841", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=122a19ab48091c657f7cb1fb3af9fc07bd557bbf", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8252ee4d90f3f2004d3d0aeeed003ad49c9a7807", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2", + "https://github.com/advisories/GHSA-84rm-qf37-fgc2", + "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846", + "https://linux.oracle.com/cve/CVE-2021-23841.html", + "https://linux.oracle.com/errata/ELSA-2021-9561.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-23841", + "https://rustsec.org/advisories/RUSTSEC-2021-0058", + "https://rustsec.org/advisories/RUSTSEC-2021-0058.html", + "https://security.gentoo.org/glsa/202103-03", + "https://security.netapp.com/advisory/ntap-20210219-0009/", + "https://security.netapp.com/advisory/ntap-20210513-0002/", + "https://support.apple.com/kb/HT212528", + "https://support.apple.com/kb/HT212529", + "https://support.apple.com/kb/HT212534", + 
"https://ubuntu.com/security/notices/USN-4738-1", + "https://ubuntu.com/security/notices/USN-4745-1", + "https://www.cve.org/CVERecord?id=CVE-2021-23841", + "https://www.debian.org/security/2021/dsa-4855", + "https://www.openssl.org/news/secadv/20210216.txt", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://www.oracle.com/security-alerts/cpuApr2021.html", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html", + "https://www.tenable.com/security/tns-2021-03", + "https://www.tenable.com/security/tns-2021-09" + ], + "PublishedDate": "2021-02-16T17:15:00Z", + "LastModifiedDate": "2023-01-09T16:41:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3712", + "PkgID": "openssl@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "openssl", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.13", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3712", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "openssl: Read buffer overruns processing ASN.1 strings", + "Description": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. 
However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). 
Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V2Score": 5.8, + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2021/08/26/2", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3712.json", + "https://access.redhat.com/security/cve/CVE-2021-3712", + "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf", + "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3712", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ccb0a11145ee72b042d10593a64eaf9e8a55ec12", + "https://github.com/advisories/GHSA-q9wj-f4qw-6vfj", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10366", + "https://linux.oracle.com/cve/CVE-2021-3712.html", + "https://linux.oracle.com/errata/ELSA-2022-9023.html", + "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e@%3Cdev.tomcat.apache.org%3E", + "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1@%3Cdev.tomcat.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html", + "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3712", + "https://rustsec.org/advisories/RUSTSEC-2021-0098.html", + "https://security.gentoo.org/glsa/202209-02", + "https://security.gentoo.org/glsa/202210-02", + 
"https://security.netapp.com/advisory/ntap-20210827-0010/", + "https://ubuntu.com/security/notices/USN-5051-1", + "https://ubuntu.com/security/notices/USN-5051-2", + "https://ubuntu.com/security/notices/USN-5051-3", + "https://ubuntu.com/security/notices/USN-5051-4 (regression only in trusty/esm)", + "https://ubuntu.com/security/notices/USN-5088-1", + "https://www.cve.org/CVERecord?id=CVE-2021-3712", + "https://www.debian.org/security/2021/dsa-4963", + "https://www.openssl.org/news/secadv/20210824.txt", + "https://www.oracle.com/security-alerts/cpuapr2022.html", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html", + "https://www.tenable.com/security/tns-2021-16", + "https://www.tenable.com/security/tns-2022-02" + ], + "PublishedDate": "2021-08-24T15:15:00Z", + "LastModifiedDate": "2022-12-06T21:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-1292", + "PkgID": "openssl@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "openssl", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.17", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1292", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "c_rehash script allows command injection", + "Description": "The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). 
Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-78" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:6224", + "https://access.redhat.com/security/cve/CVE-2022-1292", + "https://bugzilla.redhat.com/2081494", + "https://bugzilla.redhat.com/2087911", + "https://bugzilla.redhat.com/2087913", + "https://bugzilla.redhat.com/2097310", + "https://bugzilla.redhat.com/2104905", + "https://bugzilla.redhat.com/show_bug.cgi?id=2081494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2097310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2100554", + "https://bugzilla.redhat.com/show_bug.cgi?id=2104905", + "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", + "https://errata.almalinux.org/9/ALSA-2022-6224.html", + "https://errata.rockylinux.org/RLSA-2022:5818", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23", + "https://linux.oracle.com/cve/CVE-2022-1292.html", + "https://linux.oracle.com/errata/ELSA-2022-9751.html", + "https://lists.debian.org/debian-lts-announce/2022/05/msg00019.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/", + "https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-1292", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011", + "https://security.gentoo.org/glsa/202210-02", + "https://security.netapp.com/advisory/ntap-20220602-0009/", + "https://security.netapp.com/advisory/ntap-20220729-0004/", + "https://ubuntu.com/security/notices/USN-5402-1", + "https://ubuntu.com/security/notices/USN-5402-2", + "https://www.cve.org/CVERecord?id=CVE-2022-1292", + "https://www.debian.org/security/2022/dsa-5139", + "https://www.openssl.org/news/secadv/20220503.txt", + "https://www.oracle.com/security-alerts/cpujul2022.html" + ], + "PublishedDate": "2022-05-03T16:15:00Z", + "LastModifiedDate": "2023-02-14T12:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2068", + "PkgID": "openssl@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "openssl", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.19", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2068", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "the c_rehash script allows command injection", + "Description": "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. 
This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-78" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 10, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:6224", + "https://access.redhat.com/security/cve/CVE-2022-2068", + "https://bugzilla.redhat.com/2081494", + "https://bugzilla.redhat.com/2087911", + "https://bugzilla.redhat.com/2087913", + "https://bugzilla.redhat.com/2097310", + "https://bugzilla.redhat.com/2104905", + "https://bugzilla.redhat.com/show_bug.cgi?id=2081494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2097310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2100554", + "https://bugzilla.redhat.com/show_bug.cgi?id=2104905", + "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", + "https://errata.almalinux.org/9/ALSA-2022-6224.html", + "https://errata.rockylinux.org/RLSA-2022:5818", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9", + 
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7", + "https://linux.oracle.com/cve/CVE-2022-2068.html", + "https://linux.oracle.com/errata/ELSA-2022-9751.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2068", + "https://security.netapp.com/advisory/ntap-20220707-0008/", + "https://ubuntu.com/security/notices/USN-5488-1", + "https://ubuntu.com/security/notices/USN-5488-2", + "https://www.cve.org/CVERecord?id=CVE-2022-2068", + "https://www.debian.org/security/2022/dsa-5169", + "https://www.openssl.org/news/secadv/20220621.txt" + ], + "PublishedDate": "2022-06-21T15:15:00Z", + "LastModifiedDate": "2023-03-01T16:23:00Z" + }, + { + "VulnerabilityID": "CVE-2022-2097", + "PkgID": "openssl@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "openssl", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.20", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2097", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "AES OCB fails to encrypt some bytes", + "Description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. 
Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-326" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:6224", + "https://access.redhat.com/security/cve/CVE-2022-2097", + "https://bugzilla.redhat.com/2081494", + "https://bugzilla.redhat.com/2087911", + "https://bugzilla.redhat.com/2087913", + "https://bugzilla.redhat.com/2097310", + "https://bugzilla.redhat.com/2104905", + "https://bugzilla.redhat.com/show_bug.cgi?id=2081494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2097310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2100554", + "https://bugzilla.redhat.com/show_bug.cgi?id=2104905", + "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097", + "https://errata.almalinux.org/9/ALSA-2022-6224.html", + "https://errata.rockylinux.org/RLSA-2022:5818", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93", + "https://github.com/advisories/GHSA-3wx7-46ch-7rq2", + "https://linux.oracle.com/cve/CVE-2022-2097.html", + "https://linux.oracle.com/errata/ELSA-2022-9751.html", + 
"https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2097", + "https://rustsec.org/advisories/RUSTSEC-2022-0032.html", + "https://security.gentoo.org/glsa/202210-02", + "https://security.netapp.com/advisory/ntap-20220715-0011/", + "https://security.netapp.com/advisory/ntap-20230420-0008/", + "https://ubuntu.com/security/notices/USN-5502-1", + "https://www.cve.org/CVERecord?id=CVE-2022-2097", + "https://www.debian.org/security/2023/dsa-5343", + "https://www.openssl.org/news/secadv/20220705.txt" + ], + "PublishedDate": "2022-07-05T11:15:00Z", + "LastModifiedDate": "2023-04-20T09:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-4304", + "PkgID": "openssl@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "openssl", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.21", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4304", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "timing attack in RSA Decryption implementation", + "Description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. 
The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.", + "Severity": "MEDIUM", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2022-4304", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + 
"https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://github.com/advisories/GHSA-p52g-cm5j-mjv4", + "https://linux.oracle.com/cve/CVE-2022-4304.html", + "https://linux.oracle.com/errata/ELSA-2023-2932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", + "https://rustsec.org/advisories/RUSTSEC-2023-0007.html", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4304", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:00Z", + "LastModifiedDate": "2023-07-19T00:57:00Z" + }, + { + "VulnerabilityID": "CVE-2022-4450", + "PkgID": "openssl@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "openssl", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.21", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4450", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": 
"https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "double free after calling PEM_read_bio_ex", + "Description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. 
The OpenSSL asn1parse command line application is also impacted by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-415" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2022-4450", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b", + "https://github.com/advisories/GHSA-v5w6-wcm8-jm4q", + "https://linux.oracle.com/cve/CVE-2022-4450.html", + "https://linux.oracle.com/errata/ELSA-2023-2932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", + "https://rustsec.org/advisories/RUSTSEC-2023-0010.html", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4450", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:00Z", + "LastModifiedDate": "2023-07-19T00:57:00Z" + }, + { + "VulnerabilityID": "CVE-2023-0215", + "PkgID": "openssl@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "openssl", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.21", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0215", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "use-after-free following BIO_new_NDEF", + "Description": "The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. 
It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.\n\n\n\n", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2023-0215", + "https://bugzilla.redhat.com/1960321", + 
"https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd", + 
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344", + "https://github.com/advisories/GHSA-r7jw-wp68-3xch", + "https://linux.oracle.com/cve/CVE-2023-0215.html", + "https://linux.oracle.com/errata/ELSA-2023-2932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", + "https://rustsec.org/advisories/RUSTSEC-2023-0009.html", + "https://security.netapp.com/advisory/ntap-20230427-0007/", + "https://security.netapp.com/advisory/ntap-20230427-0009/", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-5845-1", + "https://ubuntu.com/security/notices/USN-5845-2", + "https://www.cve.org/CVERecord?id=CVE-2023-0215", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:00Z", + "LastModifiedDate": "2023-07-19T00:55:00Z" + }, + { + "VulnerabilityID": "CVE-2023-2650", + "PkgID": "openssl@1.1.1-1ubuntu2.1~18.04.6", + "PkgName": "openssl", + "InstalledVersion": "1.1.1-1ubuntu2.1~18.04.6", + "FixedVersion": "1.1.1-1ubuntu2.1~18.04.23", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Possible DoS translating ASN.1 object identifiers", + "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn 
OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. 
This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/05/30/1", + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-2650", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", + "https://linux.oracle.com/cve/CVE-2023-2650.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", + "https://security.netapp.com/advisory/ntap-20230703-0001/", + "https://ubuntu.com/security/notices/USN-6119-1", + "https://ubuntu.com/security/notices/USN-6188-1", + "https://www.cve.org/CVERecord?id=CVE-2023-2650", + 
"https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230530.txt" + ], + "PublishedDate": "2023-05-30T14:15:00Z", + "LastModifiedDate": "2023-07-03T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2020-16156", + "PkgID": "perl-base@5.26.1-6ubuntu0.5", + "PkgName": "perl-base", + "InstalledVersion": "5.26.1-6ubuntu0.5", + "FixedVersion": "5.26.1-6ubuntu0.6", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-16156", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Bypass of verification of signatures in CHECKSUMS files", + "Description": "CPAN 2.28 allows Signature Verification Bypass.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-347" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V2Score": 6.8, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html", + "https://access.redhat.com/security/cve/CVE-2020-16156", + "https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/", + "https://metacpan.org/pod/distribution/CPAN/scripts/cpan", + "https://nvd.nist.gov/vuln/detail/CVE-2020-16156", + "https://ubuntu.com/security/notices/USN-5689-1", + "https://ubuntu.com/security/notices/USN-5689-2", + 
"https://www.cve.org/CVERecord?id=CVE-2020-16156" + ], + "PublishedDate": "2021-12-13T18:15:00Z", + "LastModifiedDate": "2022-04-01T13:26:00Z" + }, + { + "VulnerabilityID": "CVE-2023-31484", + "PkgID": "perl-base@5.26.1-6ubuntu0.5", + "PkgName": "perl-base", + "InstalledVersion": "5.26.1-6ubuntu0.5", + "FixedVersion": "5.26.1-6ubuntu0.7", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS", + "Description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/04/29/1", + "http://www.openwall.com/lists/oss-security/2023/05/03/3", + "http://www.openwall.com/lists/oss-security/2023/05/03/5", + "http://www.openwall.com/lists/oss-security/2023/05/07/2", + "https://access.redhat.com/security/cve/CVE-2023-31484", + "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484", + "https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)", + "https://github.com/andk/cpanpm/pull/175", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/", + "https://metacpan.org/dist/CPAN/changes", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31484", + "https://ubuntu.com/security/notices/USN-6112-1", + "https://ubuntu.com/security/notices/USN-6112-2", + "https://www.cve.org/CVERecord?id=CVE-2023-31484", + "https://www.openwall.com/lists/oss-security/2023/04/18/14" + ], + "PublishedDate": "2023-04-29T00:15:00Z", + "LastModifiedDate": "2023-07-10T16:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-40897", + "PkgID": "python3-pkg-resources@39.0.1-2", + "PkgName": "python3-pkg-resources", + "InstalledVersion": "39.0.1-2", + "FixedVersion": "39.0.1-2ubuntu0.1", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-40897", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "Regular Expression Denial of Service (ReDoS) in package_index.py", + "Description": "Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. 
There is a Regular Expression Denial of Service (ReDoS) in package_index.py.", + "Severity": "MEDIUM", + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0952", + "https://access.redhat.com/security/cve/CVE-2022-40897", + "https://bugzilla.redhat.com/2158559", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158559", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897", + "https://errata.almalinux.org/9/ALSA-2023-0952.html", + "https://errata.rockylinux.org/RLSA-2023:0952", + "https://github.com/advisories/GHSA-r9hx-vwmv-q579", + "https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200", + "https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be", + "https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1", + "https://github.com/pypa/setuptools/issues/3659", + "https://linux.oracle.com/cve/CVE-2022-40897.html", + "https://linux.oracle.com/errata/ELSA-2023-12348.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-40897", + "https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/", + "https://pyup.io/vulnerabilities/CVE-2022-40897/52495/", + "https://security.netapp.com/advisory/ntap-20230214-0001/", + "https://setuptools.pypa.io/en/latest/", + "https://ubuntu.com/security/notices/USN-5817-1", + "https://www.cve.org/CVERecord?id=CVE-2022-40897" + ], + 
"PublishedDate": "2022-12-23T00:15:00Z", + "LastModifiedDate": "2023-05-01T06:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3177", + "PkgID": "python3.6@3.6.9-1~18.04ubuntu1.3", + "PkgName": "python3.6", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.4", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3177", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c", + "Description": "Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-3177", + "https://bugs.python.org/issue42938", + "https://bugzilla.redhat.com/show_bug.cgi?id=1868006", + "https://bugzilla.redhat.com/show_bug.cgi?id=1883014", + "https://bugzilla.redhat.com/show_bug.cgi?id=1886755", + "https://bugzilla.redhat.com/show_bug.cgi?id=1901633", + "https://bugzilla.redhat.com/show_bug.cgi?id=1918168", + "https://bugzilla.redhat.com/show_bug.cgi?id=1920596", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26116", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27783", + 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177", + "https://errata.almalinux.org/8/ALSA-2021-1879.html", + "https://errata.rockylinux.org/RLSA-2021:1879", + "https://github.com/python/cpython/pull/24239", + "https://linux.oracle.com/cve/CVE-2021-3177.html", + "https://linux.oracle.com/errata/ELSA-2022-5235.html", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html", + "https://lists.debian.org/debian-lts-announce/2022/02/msg00013.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRHOCQYX3QLDGDQGTWQAUUT2GGIZCZUO/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCFZMVRQUKCBQIG5F2CBVADK63NFSE4A/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPE7SMXYUIWPOIZV4DQYXODRXMFX3C5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MGSV6BJQLRQ6RKVUXK7JGU7TP4QFGQXC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQPARTLNSFQVMMQHPNBFOCOZOO3TMQNA/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXSMBHES3ANXXS2RSO5G6Q24BR4B2PWK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6XJAULOS5JVB2L67NCKKMJ5NTKZJBSD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4KSYYWMGAKOA2JVCQA422OINT6CKQ7O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDTZVGSXQ7HR7OCGSUHTRNTMBG43OMKU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7GZV74KM72O2PEJN2C4XP3V5Q5MZUOO/", + "https://news.ycombinator.com/item?id=26185005", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3177", + "https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html", + "https://security.gentoo.org/glsa/202101-18", + "https://security.netapp.com/advisory/ntap-20210226-0003/", + "https://ubuntu.com/security/notices/USN-4754-1", + "https://ubuntu.com/security/notices/USN-4754-2 (regression in python2.7)", + "https://ubuntu.com/security/notices/USN-4754-3", + "https://ubuntu.com/security/notices/USN-4754-4", + "https://ubuntu.com/security/notices/USN-4754-5", + "https://www.cve.org/CVERecord?id=CVE-2021-3177", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpujul2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-01-19T06:15:00Z", + "LastModifiedDate": "2023-05-24T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3733", + "PkgID": "python3.6@3.6.9-1~18.04ubuntu1.3", + "PkgName": "python3.6", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.6", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3733", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "python: urllib: Regular expression DoS in AbstractBasicAuthHandler", + "Description": "There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-3733", + "https://bugs.python.org/issue43075", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995234", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-14-final", + "https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-11-final", + "https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-10-final", + "https://docs.python.org/3.9/whatsnew/changelog.html#python-3-9-5-final", + "https://errata.almalinux.org/8/ALSA-2022-1821.html", + "https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14)", + "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb", + "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1 (master)", + "https://github.com/python/cpython/commit/a21d4fbd549ec9685068a113660553d7f80d9b09 (3.9.5)", + 
"https://github.com/python/cpython/commit/ada14995870abddc277addf57dd690a2af04c2da (3.7.11)", + "https://github.com/python/cpython/commit/e7654b6046090914a8323931ed759a94a5f85d60 (3.8.10)", + "https://github.com/python/cpython/pull/24391", + "https://linux.oracle.com/cve/CVE-2021-3733.html", + "https://linux.oracle.com/errata/ELSA-2022-1821.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3733", + "https://security.netapp.com/advisory/ntap-20220407-0001/", + "https://ubuntu.com/security/CVE-2021-3733", + "https://ubuntu.com/security/notices/USN-5083-1", + "https://ubuntu.com/security/notices/USN-5199-1", + "https://ubuntu.com/security/notices/USN-5200-1", + "https://www.cve.org/CVERecord?id=CVE-2021-3733" + ], + "PublishedDate": "2022-03-10T17:42:00Z", + "LastModifiedDate": "2023-06-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3737", + "PkgID": "python3.6@3.6.9-1~18.04ubuntu1.3", + "PkgName": "python3.6", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.6", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3737", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "HTTP client possible infinite loop on a 100 Continue response", + "Description": "A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. 
The highest threat from this vulnerability is to system availability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400", + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-3737", + "https://bugs.python.org/issue44022", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995162", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995234", + "https://bugzilla.redhat.com/show_bug.cgi?id=2006792", + "https://bugzilla.redhat.com/show_bug.cgi?id=2032569", + "https://bugzilla.redhat.com/show_bug.cgi?id=2036020", + "https://bugzilla.redhat.com/show_bug.cgi?id=2047376", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43818", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391", + "https://errata.almalinux.org/8/ALSA-2022-1986.html", + "https://errata.rockylinux.org/RLSA-2022:1821", + "https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b (3.8 branch)", + "https://github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63 (v3.7.11)", + "https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 (v3.6.14", + "https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 (v3.9.6)", + "https://github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92 (v3.10.0b2)", + "https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 (v3.10.0b3)", + "https://github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 (v3.9.6)", + 
"https://github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae (v3.8.11)", + "https://github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 (v3.6.14)", + "https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 (v3.7.11)", + "https://github.com/python/cpython/pull/25916", + "https://github.com/python/cpython/pull/26503", + "https://linux.oracle.com/cve/CVE-2021-3737.html", + "https://linux.oracle.com/errata/ELSA-2022-1986.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3737", + "https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html", + "https://security.netapp.com/advisory/ntap-20220407-0009/", + "https://ubuntu.com/security/CVE-2021-3737", + "https://ubuntu.com/security/notices/USN-5083-1", + "https://ubuntu.com/security/notices/USN-5199-1", + "https://ubuntu.com/security/notices/USN-5200-1", + "https://ubuntu.com/security/notices/USN-5201-1", + "https://www.cve.org/CVERecord?id=CVE-2021-3737", + "https://www.oracle.com/security-alerts/cpujul2022.html" + ], + "PublishedDate": "2022-03-04T19:15:00Z", + "LastModifiedDate": "2023-06-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-4189", + "PkgID": "python3.6@3.6.9-1~18.04ubuntu1.3", + "PkgName": "python3.6", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.7", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-4189", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "ftplib should not use the host from the PASV response", + "Description": "A flaw was found in Python, specifically in the FTP (File Transfer Protocol) 
client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-252" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-4189", + "https://bugs.python.org/issue43285", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995162", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995234", + "https://bugzilla.redhat.com/show_bug.cgi?id=2006792", + "https://bugzilla.redhat.com/show_bug.cgi?id=2032569", + "https://bugzilla.redhat.com/show_bug.cgi?id=2036020", + "https://bugzilla.redhat.com/show_bug.cgi?id=2047376", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43818", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391", + "https://errata.almalinux.org/8/ALSA-2022-1986.html", + "https://errata.rockylinux.org/RLSA-2022:1821", + "https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e", + "https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master)", + "https://github.com/python/cpython/commit/4134f154ae2f621f25c5d698cc0f1748035a1b88 (v3.6.14)", + "https://github.com/python/cpython/commit/79373951b3eab585d42e0f0ab83718cbe1d0ee33 (v3.7.11)", + "https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 
(v3.9.3)", + "https://linux.oracle.com/cve/CVE-2021-4189.html", + "https://linux.oracle.com/errata/ELSA-2022-1986.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-4189", + "https://python-security.readthedocs.io/vuln/ftplib-pasv.html", + "https://security-tracker.debian.org/tracker/CVE-2021-4189", + "https://security.netapp.com/advisory/ntap-20221104-0004/", + "https://ubuntu.com/security/notices/USN-5342-1", + "https://ubuntu.com/security/notices/USN-5342-2", + "https://www.cve.org/CVERecord?id=CVE-2021-4189" + ], + "PublishedDate": "2022-08-24T16:15:00Z", + "LastModifiedDate": "2023-06-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-0391", + "PkgID": "python3.6@3.6.9-1~18.04ubuntu1.3", + "PkgName": "python3.6", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.7", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0391", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "urllib.parse does not sanitize URLs containing ASCII newline and tabs", + "Description": "A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. 
This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-74" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:6457", + "https://access.redhat.com/security/cve/CVE-2022-0391", + "https://bugs.python.org/issue43882", + "https://bugzilla.redhat.com/2047376", + "https://bugzilla.redhat.com/2075390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391", + "https://errata.almalinux.org/8/ALSA-2022-6457.html", + "https://linux.oracle.com/cve/CVE-2022-0391.html", + "https://linux.oracle.com/errata/ELSA-2023-3550.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0391", + "https://security.gentoo.org/glsa/202305-02", + "https://security.netapp.com/advisory/ntap-20220225-0009/", + "https://ubuntu.com/security/notices/USN-5342-1", + "https://ubuntu.com/security/notices/USN-5342-2", + "https://www.cve.org/CVERecord?id=CVE-2022-0391", + "https://www.oracle.com/security-alerts/cpuapr2022.html" + ], + "PublishedDate": "2022-02-09T23:15:00Z", + "LastModifiedDate": "2023-05-03T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-37454", + "PkgID": "python3.6@3.6.9-1~18.04ubuntu1.3", + "PkgName": "python3.6", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.10", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": 
"https://avd.aquasec.com/nvd/cve-2022-37454", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "buffer overflow in the SHA-3 reference implementation", + "Description": "The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2417", + "https://access.redhat.com/security/cve/CVE-2022-37454", + "https://bugzilla.redhat.com/2133687", + "https://bugzilla.redhat.com/2133688", + "https://bugzilla.redhat.com/2139280", + "https://bugzilla.redhat.com/2140200", + "https://bugzilla.redhat.com/2158791", + "https://bugzilla.redhat.com/show_bug.cgi?id=2133687", + "https://bugzilla.redhat.com/show_bug.cgi?id=2133688", + "https://bugzilla.redhat.com/show_bug.cgi?id=2139280", + "https://bugzilla.redhat.com/show_bug.cgi?id=2140200", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158791", + "https://csrc.nist.gov/projects/hash-functions/sha-3-project", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454", + "https://eprint.iacr.org/2023/331", + "https://errata.almalinux.org/9/ALSA-2023-2417.html", + 
"https://errata.rockylinux.org/RLSA-2023:0965", + "https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a", + "https://github.com/XKCP/XKCP/issues/105", + "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658", + "https://github.com/advisories/GHSA-6w4m-2xhg-2658", + "https://github.com/johanns/sha3/commit/5f2e8118a62831911703c8753ff2435c3b5d7312", + "https://github.com/johanns/sha3/issues/17", + "https://github.com/php/php-src/commit/248f647724e385bfb8d83aa5b5a5ca3c4ee2c7fd", + "https://github.com/python/cpython/commit/0e4e058602d93b88256ff90bbef501ba20be9dd3 (3.10-branch)", + "https://github.com/python/cpython/commit/8088c90044ba04cd5624b278340ebf934dbee4a5 (3.7-branch)", + "https://github.com/python/cpython/commit/857efee6d2d43c5c12fc7e377ce437144c728ab8 (3.9-branch)", + "https://github.com/python/cpython/commit/948c6794711458fd148a3fa62296cadeeb2ed631 (3.8-branch)", + "https://github.com/python/cpython/issues/98517", + "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sha3/CVE-2022-37454.yml", + "https://github.com/tiran/pysha3/issues/29", + "https://linux.oracle.com/cve/CVE-2022-37454.html", + "https://linux.oracle.com/errata/ELSA-2023-2903.html", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html", + "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", + "https://mouha.be/sha-3-buffer-overflow/", + "https://news.ycombinator.com/item?id=33281106", + "https://news.ycombinator.com/item?id=35050307", + "https://nvd.nist.gov/vuln/detail/CVE-2022-37454", + "https://security.gentoo.org/glsa/202305-02", + "https://ubuntu.com/security/notices/USN-5717-1", + "https://ubuntu.com/security/notices/USN-5767-1", + "https://ubuntu.com/security/notices/USN-5767-3", + "https://ubuntu.com/security/notices/USN-5888-1", + "https://ubuntu.com/security/notices/USN-5930-1", + "https://ubuntu.com/security/notices/USN-5931-1", + "https://www.cve.org/CVERecord?id=CVE-2022-37454", + "https://www.debian.org/security/2022/dsa-5267", + "https://www.debian.org/security/2022/dsa-5269" + ], + "PublishedDate": "2022-10-21T06:15:00Z", + "LastModifiedDate": "2023-05-03T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-45061", + "PkgID": "python3.6@3.6.9-1~18.04ubuntu1.3", + "PkgName": "python3.6", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-45061", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "CPU denial of service via inefficient IDNA decoder", + "Description": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. 
Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0953", + "https://access.redhat.com/security/cve/CVE-2022-45061", + "https://bugzilla.redhat.com/2144072", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144072", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061", + "https://errata.almalinux.org/9/ALSA-2023-0953.html", + "https://errata.rockylinux.org/RLSA-2023:0953", + "https://github.com/python/cpython/issues/98433", + "https://github.com/python/cpython/pull/99092", + "https://github.com/python/cpython/pull/99230 (3.9-branch)", + "https://github.com/python/cpython/pull/99231 (3.8-branch)", + "https://linux.oracle.com/cve/CVE-2022-45061.html", + "https://linux.oracle.com/errata/ELSA-2023-2860.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-45061", + "https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html", + "https://security.gentoo.org/glsa/202305-02", + "https://security.netapp.com/advisory/ntap-20221209-0007/", + "https://ubuntu.com/security/notices/USN-5767-1", + "https://ubuntu.com/security/notices/USN-5767-2", + "https://ubuntu.com/security/notices/USN-5888-1", + "https://www.cve.org/CVERecord?id=CVE-2022-45061" + ], + "PublishedDate": "2022-11-09T07:15:00Z", + "LastModifiedDate": "2023-06-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3177", + "PkgID": "python3.6-minimal@3.6.9-1~18.04ubuntu1.3", + "PkgName": "python3.6-minimal", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.4", + "Layer": { + "DiffID": 
"sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3177", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c", + "Description": "Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-120" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 7.5, + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-3177", + "https://bugs.python.org/issue42938", + "https://bugzilla.redhat.com/show_bug.cgi?id=1868006", + "https://bugzilla.redhat.com/show_bug.cgi?id=1883014", + "https://bugzilla.redhat.com/show_bug.cgi?id=1886755", + "https://bugzilla.redhat.com/show_bug.cgi?id=1901633", + "https://bugzilla.redhat.com/show_bug.cgi?id=1918168", + "https://bugzilla.redhat.com/show_bug.cgi?id=1920596", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26116", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27783", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3177", + "https://errata.almalinux.org/8/ALSA-2021-1879.html", + "https://errata.rockylinux.org/RLSA-2021:1879", + "https://github.com/python/cpython/pull/24239", + "https://linux.oracle.com/cve/CVE-2021-3177.html", + "https://linux.oracle.com/errata/ELSA-2022-5235.html", + 
"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E", + "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html", + "https://lists.debian.org/debian-lts-announce/2022/02/msg00013.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRHOCQYX3QLDGDQGTWQAUUT2GGIZCZUO/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCFZMVRQUKCBQIG5F2CBVADK63NFSE4A/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPE7SMXYUIWPOIZV4DQYXODRXMFX3C5E/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MGSV6BJQLRQ6RKVUXK7JGU7TP4QFGQXC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQPARTLNSFQVMMQHPNBFOCOZOO3TMQNA/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NXSMBHES3ANXXS2RSO5G6Q24BR4B2PWK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6XJAULOS5JVB2L67NCKKMJ5NTKZJBSD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y4KSYYWMGAKOA2JVCQA422OINT6CKQ7O/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDTZVGSXQ7HR7OCGSUHTRNTMBG43OMKU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7GZV74KM72O2PEJN2C4XP3V5Q5MZUOO/", + "https://news.ycombinator.com/item?id=26185005", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3177", + "https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html", + "https://security.gentoo.org/glsa/202101-18", + "https://security.netapp.com/advisory/ntap-20210226-0003/", + "https://ubuntu.com/security/notices/USN-4754-1", + "https://ubuntu.com/security/notices/USN-4754-2 (regression in python2.7)", + "https://ubuntu.com/security/notices/USN-4754-3", + "https://ubuntu.com/security/notices/USN-4754-4", + "https://ubuntu.com/security/notices/USN-4754-5", + "https://www.cve.org/CVERecord?id=CVE-2021-3177", + "https://www.oracle.com//security-alerts/cpujul2021.html", + "https://www.oracle.com/security-alerts/cpujan2022.html", + "https://www.oracle.com/security-alerts/cpujul2022.html", + "https://www.oracle.com/security-alerts/cpuoct2021.html" + ], + "PublishedDate": "2021-01-19T06:15:00Z", + "LastModifiedDate": "2023-05-24T21:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3733", + "PkgID": "python3.6-minimal@3.6.9-1~18.04ubuntu1.3", + "PkgName": "python3.6-minimal", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.6", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3733", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "python: urllib: Regular expression DoS in AbstractBasicAuthHandler", + "Description": "There's a flaw in urllib's AbstractBasicAuthHandler class. 
An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 4, + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-3733", + "https://bugs.python.org/issue43075", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995234", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733", + "https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-14-final", + "https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-11-final", + "https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-10-final", + "https://docs.python.org/3.9/whatsnew/changelog.html#python-3-9-5-final", + "https://errata.almalinux.org/8/ALSA-2022-1821.html", + "https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14)", + "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb", + "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1 (master)", + "https://github.com/python/cpython/commit/a21d4fbd549ec9685068a113660553d7f80d9b09 (3.9.5)", + "https://github.com/python/cpython/commit/ada14995870abddc277addf57dd690a2af04c2da (3.7.11)", + "https://github.com/python/cpython/commit/e7654b6046090914a8323931ed759a94a5f85d60 (3.8.10)", + "https://github.com/python/cpython/pull/24391", + "https://linux.oracle.com/cve/CVE-2021-3733.html", + "https://linux.oracle.com/errata/ELSA-2022-1821.html", + 
"https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3733", + "https://security.netapp.com/advisory/ntap-20220407-0001/", + "https://ubuntu.com/security/CVE-2021-3733", + "https://ubuntu.com/security/notices/USN-5083-1", + "https://ubuntu.com/security/notices/USN-5199-1", + "https://ubuntu.com/security/notices/USN-5200-1", + "https://www.cve.org/CVERecord?id=CVE-2021-3733" + ], + "PublishedDate": "2022-03-10T17:42:00Z", + "LastModifiedDate": "2023-06-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-3737", + "PkgID": "python3.6-minimal@3.6.9-1~18.04ubuntu1.3", + "PkgName": "python3.6-minimal", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.6", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3737", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "HTTP client possible infinite loop on a 100 Continue response", + "Description": "A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. 
The highest threat from this vulnerability is to system availability.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400", + "CWE-835" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.1, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-3737", + "https://bugs.python.org/issue44022", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995162", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995234", + "https://bugzilla.redhat.com/show_bug.cgi?id=2006792", + "https://bugzilla.redhat.com/show_bug.cgi?id=2032569", + "https://bugzilla.redhat.com/show_bug.cgi?id=2036020", + "https://bugzilla.redhat.com/show_bug.cgi?id=2047376", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43818", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391", + "https://errata.almalinux.org/8/ALSA-2022-1986.html", + "https://errata.rockylinux.org/RLSA-2022:1821", + "https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b (3.8 branch)", + "https://github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63 (v3.7.11)", + "https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 (v3.6.14", + "https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 (v3.9.6)", + "https://github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92 (v3.10.0b2)", + "https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 (v3.10.0b3)", + "https://github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 (v3.9.6)", + 
"https://github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae (v3.8.11)", + "https://github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 (v3.6.14)", + "https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 (v3.7.11)", + "https://github.com/python/cpython/pull/25916", + "https://github.com/python/cpython/pull/26503", + "https://linux.oracle.com/cve/CVE-2021-3737.html", + "https://linux.oracle.com/errata/ELSA-2022-1986.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-3737", + "https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html", + "https://security.netapp.com/advisory/ntap-20220407-0009/", + "https://ubuntu.com/security/CVE-2021-3737", + "https://ubuntu.com/security/notices/USN-5083-1", + "https://ubuntu.com/security/notices/USN-5199-1", + "https://ubuntu.com/security/notices/USN-5200-1", + "https://ubuntu.com/security/notices/USN-5201-1", + "https://www.cve.org/CVERecord?id=CVE-2021-3737", + "https://www.oracle.com/security-alerts/cpujul2022.html" + ], + "PublishedDate": "2022-03-04T19:15:00Z", + "LastModifiedDate": "2023-06-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2021-4189", + "PkgID": "python3.6-minimal@3.6.9-1~18.04ubuntu1.3", + "PkgName": "python3.6-minimal", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.7", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-4189", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "ftplib should not use the host from the PASV response", + "Description": "A flaw was found in Python, specifically in the FTP (File Transfer 
Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-252" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-4189", + "https://bugs.python.org/issue43285", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995162", + "https://bugzilla.redhat.com/show_bug.cgi?id=1995234", + "https://bugzilla.redhat.com/show_bug.cgi?id=2006792", + "https://bugzilla.redhat.com/show_bug.cgi?id=2032569", + "https://bugzilla.redhat.com/show_bug.cgi?id=2036020", + "https://bugzilla.redhat.com/show_bug.cgi?id=2047376", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43818", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391", + "https://errata.almalinux.org/8/ALSA-2022-1986.html", + "https://errata.rockylinux.org/RLSA-2022:1821", + "https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e", + "https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master)", + "https://github.com/python/cpython/commit/4134f154ae2f621f25c5d698cc0f1748035a1b88 (v3.6.14)", + "https://github.com/python/cpython/commit/79373951b3eab585d42e0f0ab83718cbe1d0ee33 (v3.7.11)", + 
"https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 (v3.9.3)", + "https://linux.oracle.com/cve/CVE-2021-4189.html", + "https://linux.oracle.com/errata/ELSA-2022-1986.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-4189", + "https://python-security.readthedocs.io/vuln/ftplib-pasv.html", + "https://security-tracker.debian.org/tracker/CVE-2021-4189", + "https://security.netapp.com/advisory/ntap-20221104-0004/", + "https://ubuntu.com/security/notices/USN-5342-1", + "https://ubuntu.com/security/notices/USN-5342-2", + "https://www.cve.org/CVERecord?id=CVE-2021-4189" + ], + "PublishedDate": "2022-08-24T16:15:00Z", + "LastModifiedDate": "2023-06-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-0391", + "PkgID": "python3.6-minimal@3.6.9-1~18.04ubuntu1.3", + "PkgName": "python3.6-minimal", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.7", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-0391", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "urllib.parse does not sanitize URLs containing ASCII newline and tabs", + "Description": "A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. 
This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-74" + ], + "CVSS": { + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:6457", + "https://access.redhat.com/security/cve/CVE-2022-0391", + "https://bugs.python.org/issue43882", + "https://bugzilla.redhat.com/2047376", + "https://bugzilla.redhat.com/2075390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391", + "https://errata.almalinux.org/8/ALSA-2022-6457.html", + "https://linux.oracle.com/cve/CVE-2022-0391.html", + "https://linux.oracle.com/errata/ELSA-2023-3550.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-0391", + "https://security.gentoo.org/glsa/202305-02", + "https://security.netapp.com/advisory/ntap-20220225-0009/", + "https://ubuntu.com/security/notices/USN-5342-1", + "https://ubuntu.com/security/notices/USN-5342-2", + "https://www.cve.org/CVERecord?id=CVE-2022-0391", + "https://www.oracle.com/security-alerts/cpuapr2022.html" + ], + "PublishedDate": "2022-02-09T23:15:00Z", + "LastModifiedDate": "2023-05-03T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-37454", + "PkgID": "python3.6-minimal@3.6.9-1~18.04ubuntu1.3", + "PkgName": "python3.6-minimal", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.10", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + 
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-37454", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "buffer overflow in the SHA-3 reference implementation", + "Description": "The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2417", + "https://access.redhat.com/security/cve/CVE-2022-37454", + "https://bugzilla.redhat.com/2133687", + "https://bugzilla.redhat.com/2133688", + "https://bugzilla.redhat.com/2139280", + "https://bugzilla.redhat.com/2140200", + "https://bugzilla.redhat.com/2158791", + "https://bugzilla.redhat.com/show_bug.cgi?id=2133687", + "https://bugzilla.redhat.com/show_bug.cgi?id=2133688", + "https://bugzilla.redhat.com/show_bug.cgi?id=2139280", + "https://bugzilla.redhat.com/show_bug.cgi?id=2140200", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158791", + "https://csrc.nist.gov/projects/hash-functions/sha-3-project", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37454", + "https://eprint.iacr.org/2023/331", + 
"https://errata.almalinux.org/9/ALSA-2023-2417.html", + "https://errata.rockylinux.org/RLSA-2023:0965", + "https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a", + "https://github.com/XKCP/XKCP/issues/105", + "https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658", + "https://github.com/advisories/GHSA-6w4m-2xhg-2658", + "https://github.com/johanns/sha3/commit/5f2e8118a62831911703c8753ff2435c3b5d7312", + "https://github.com/johanns/sha3/issues/17", + "https://github.com/php/php-src/commit/248f647724e385bfb8d83aa5b5a5ca3c4ee2c7fd", + "https://github.com/python/cpython/commit/0e4e058602d93b88256ff90bbef501ba20be9dd3 (3.10-branch)", + "https://github.com/python/cpython/commit/8088c90044ba04cd5624b278340ebf934dbee4a5 (3.7-branch)", + "https://github.com/python/cpython/commit/857efee6d2d43c5c12fc7e377ce437144c728ab8 (3.9-branch)", + "https://github.com/python/cpython/commit/948c6794711458fd148a3fa62296cadeeb2ed631 (3.8-branch)", + "https://github.com/python/cpython/issues/98517", + "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/sha3/CVE-2022-37454.yml", + "https://github.com/tiran/pysha3/issues/29", + "https://linux.oracle.com/cve/CVE-2022-37454.html", + "https://linux.oracle.com/errata/ELSA-2023-2903.html", + "https://lists.debian.org/debian-lts-announce/2022/10/msg00041.html", + "https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ALQ6BDDPX5HU5YBQOBMDVAA2TSGDKIJ/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMIEXLMTW5GO36HTFFWIPB3OHZXCT3G4/", + "https://mouha.be/sha-3-buffer-overflow/", + "https://news.ycombinator.com/item?id=33281106", + "https://news.ycombinator.com/item?id=35050307", + "https://nvd.nist.gov/vuln/detail/CVE-2022-37454", + "https://security.gentoo.org/glsa/202305-02", + "https://ubuntu.com/security/notices/USN-5717-1", + "https://ubuntu.com/security/notices/USN-5767-1", + "https://ubuntu.com/security/notices/USN-5767-3", + "https://ubuntu.com/security/notices/USN-5888-1", + "https://ubuntu.com/security/notices/USN-5930-1", + "https://ubuntu.com/security/notices/USN-5931-1", + "https://www.cve.org/CVERecord?id=CVE-2022-37454", + "https://www.debian.org/security/2022/dsa-5267", + "https://www.debian.org/security/2022/dsa-5269" + ], + "PublishedDate": "2022-10-21T06:15:00Z", + "LastModifiedDate": "2023-05-03T11:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-45061", + "PkgID": "python3.6-minimal@3.6.9-1~18.04ubuntu1.3", + "PkgName": "python3.6-minimal", + "InstalledVersion": "3.6.9-1~18.04ubuntu1.3", + "FixedVersion": "3.6.9-1~18.04ubuntu1.9", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-45061", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "CPU denial of service via inefficient IDNA decoder", + "Description": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. 
Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0953", + "https://access.redhat.com/security/cve/CVE-2022-45061", + "https://bugzilla.redhat.com/2144072", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144072", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061", + "https://errata.almalinux.org/9/ALSA-2023-0953.html", + "https://errata.rockylinux.org/RLSA-2023:0953", + "https://github.com/python/cpython/issues/98433", + "https://github.com/python/cpython/pull/99092", + "https://github.com/python/cpython/pull/99230 (3.9-branch)", + "https://github.com/python/cpython/pull/99231 (3.8-branch)", + "https://linux.oracle.com/cve/CVE-2022-45061.html", + "https://linux.oracle.com/errata/ELSA-2023-2860.html", + "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/", + 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-45061", + "https://python-security.readthedocs.io/vuln/slow-idna-large-strings.html", + "https://security.gentoo.org/glsa/202305-02", + "https://security.netapp.com/advisory/ntap-20221209-0007/", + "https://ubuntu.com/security/notices/USN-5767-1", + "https://ubuntu.com/security/notices/USN-5767-2", + "https://ubuntu.com/security/notices/USN-5888-1", + "https://www.cve.org/CVERecord?id=CVE-2022-45061" + ], + "PublishedDate": "2022-11-09T07:15:00Z", + "LastModifiedDate": "2023-06-30T23:15:00Z" + }, + { + "VulnerabilityID": "CVE-2022-48303", + "PkgID": "tar@1.29b-2ubuntu0.1", + "PkgName": "tar", + "InstalledVersion": "1.29b-2ubuntu0.1", + "FixedVersion": "1.29b-2ubuntu0.4", + "Layer": { + "DiffID": 
"sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-48303", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "heap buffer overflow at from_header() in list.c via specially crafted checksum", + "Description": "GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0959", + "https://access.redhat.com/security/cve/CVE-2022-48303", + "https://bugzilla.redhat.com/2149722", + "https://bugzilla.redhat.com/show_bug.cgi?id=2149722", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48303", + "https://errata.almalinux.org/9/ALSA-2023-0959.html", + "https://errata.rockylinux.org/RLSA-2023:0959", + "https://linux.oracle.com/cve/CVE-2022-48303.html", + "https://linux.oracle.com/errata/ELSA-2023-0959.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRY7VEL4AIG3GLIEVCTOXRZNSVYDYYUD/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5VQYCO52Z7GAVCLRYUITN7KXHLRZQS4/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-48303", + "https://savannah.gnu.org/bugs/?62387", + "https://savannah.gnu.org/patch/?10307", + "https://ubuntu.com/security/notices/USN-5900-1", + 
"https://ubuntu.com/security/notices/USN-5900-2", + "https://www.cve.org/CVERecord?id=CVE-2022-48303" + ], + "PublishedDate": "2023-01-30T04:15:00Z", + "LastModifiedDate": "2023-05-30T17:16:00Z" + }, + { + "VulnerabilityID": "CVE-2022-1271", + "PkgID": "xz-utils@5.2.2-1.3", + "PkgName": "xz-utils", + "InstalledVersion": "5.2.2-1.3", + "FixedVersion": "5.2.2-1.3ubuntu0.1", + "Layer": { + "DiffID": "sha256:934f67a31fe6220900d4a345f2f62b31e1a54409c60c0e966aaa0b18a8f2731a" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1271", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "arbitrary-file-write vulnerability", + "Description": "An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. 
This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:4940", + "https://access.redhat.com/security/cve/CVE-2022-1271", + "https://bugzilla.redhat.com/2073310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2073310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271", + "https://errata.almalinux.org/9/ALSA-2022-4940.html", + "https://errata.rockylinux.org/RLSA-2022:4940", + "https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6", + "https://linux.oracle.com/cve/CVE-2022-1271.html", + "https://linux.oracle.com/errata/ELSA-2022-5052.html", + "https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-1271", + "https://security-tracker.debian.org/tracker/CVE-2022-1271", + "https://security.gentoo.org/glsa/202209-01", + "https://security.netapp.com/advisory/ntap-20220930-0006/", + "https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch", + "https://ubuntu.com/security/notices/USN-5378-1", + "https://ubuntu.com/security/notices/USN-5378-2", + "https://ubuntu.com/security/notices/USN-5378-3", + "https://ubuntu.com/security/notices/USN-5378-4", + "https://www.cve.org/CVERecord?id=CVE-2022-1271", + "https://www.openwall.com/lists/oss-security/2022/04/07/8" + ], + "PublishedDate": "2022-08-31T16:15:00Z", + "LastModifiedDate": "2022-10-07T14:14:00Z" + }, + { + "VulnerabilityID": "CVE-2018-25032", + "PkgID": "zlib1g@1:1.2.11.dfsg-0ubuntu2", + "PkgName": "zlib1g", + "InstalledVersion": "1:1.2.11.dfsg-0ubuntu2", + "FixedVersion": "1:1.2.11.dfsg-0ubuntu2.1", + "Layer": { + "DiffID": 
"sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-25032", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "A flaw found in zlib when compressing (not decompressing) certain inputs", + "Description": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "V3Score": 8.2 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/May/33", + "http://seclists.org/fulldisclosure/2022/May/35", + "http://seclists.org/fulldisclosure/2022/May/38", + "http://www.openwall.com/lists/oss-security/2022/03/25/2", + "http://www.openwall.com/lists/oss-security/2022/03/26/1", + "https://access.redhat.com/errata/RHSA-2022:8420", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25032.json", + "https://access.redhat.com/security/cve/CVE-2018-25032", + "https://bugzilla.redhat.com/2067945", + "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032", + "https://errata.almalinux.org/9/ALSA-2022-8420.html", + "https://github.com/advisories/GHSA-jc36-42cf-vqwj", + "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531", + "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12", + "https://github.com/madler/zlib/issues/605", + 
"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-25032.yml", + "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4", + "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5", + "https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ", + "https://linux.oracle.com/cve/CVE-2018-25032.html", + "https://linux.oracle.com/errata/ELSA-2022-9565.html", + "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html", + "https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html", + "https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/", + "https://nvd.nist.gov/vuln/detail/CVE-2018-25032", + "https://security.gentoo.org/glsa/202210-42", + "https://security.netapp.com/advisory/ntap-20220526-0009/", + "https://security.netapp.com/advisory/ntap-20220729-0004/", + "https://support.apple.com/kb/HT213255", + "https://support.apple.com/kb/HT213256", + "https://support.apple.com/kb/HT213257", + "https://ubuntu.com/security/notices/USN-5355-1", + "https://ubuntu.com/security/notices/USN-5355-2", + "https://ubuntu.com/security/notices/USN-5359-1", + 
"https://ubuntu.com/security/notices/USN-5359-2", + "https://ubuntu.com/security/notices/USN-5739-1", + "https://www.cve.org/CVERecord?id=CVE-2018-25032", + "https://www.debian.org/security/2022/dsa-5111", + "https://www.openwall.com/lists/oss-security/2022/03/24/1", + "https://www.openwall.com/lists/oss-security/2022/03/28/1", + "https://www.openwall.com/lists/oss-security/2022/03/28/3", + "https://www.oracle.com/security-alerts/cpujul2022.html" + ], + "PublishedDate": "2022-03-25T09:15:00Z", + "LastModifiedDate": "2023-04-27T17:50:00Z" + }, + { + "VulnerabilityID": "CVE-2022-37434", + "PkgID": "zlib1g@1:1.2.11.dfsg-0ubuntu2", + "PkgName": "zlib1g", + "InstalledVersion": "1:1.2.11.dfsg-0ubuntu2", + "FixedVersion": "1:1.2.11.dfsg-0ubuntu2.2", + "Layer": { + "DiffID": "sha256:b43408d5f11b7b2faf048ae4eb25c296536c571fb2f937b4f1c3883386e93d64" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-37434", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Title": "heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field", + "Description": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. 
Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2022/Oct/37", + "http://seclists.org/fulldisclosure/2022/Oct/38", + "http://seclists.org/fulldisclosure/2022/Oct/41", + "http://seclists.org/fulldisclosure/2022/Oct/42", + "http://www.openwall.com/lists/oss-security/2022/08/05/2", + "http://www.openwall.com/lists/oss-security/2022/08/09/1", + "https://access.redhat.com/errata/RHSA-2022:8291", + "https://access.redhat.com/security/cve/CVE-2022-37434", + "https://bugzilla.redhat.com/2116639", + "https://bugzilla.redhat.com/show_bug.cgi?id=2053198", + "https://bugzilla.redhat.com/show_bug.cgi?id=2077431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2081296", + "https://bugzilla.redhat.com/show_bug.cgi?id=2116639", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434", + "https://errata.almalinux.org/9/ALSA-2022-8291.html", + "https://errata.rockylinux.org/RLSA-2022:8291", + "https://github.com/curl/curl/issues/9271", + "https://github.com/ivd38/zlib_overflow", + "https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063", + "https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1", + "https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764", + "https://linux.oracle.com/cve/CVE-2022-37434.html", + "https://linux.oracle.com/errata/ELSA-2023-1095.html", + "https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html", + 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-37434", + "https://security.netapp.com/advisory/ntap-20220901-0005/", + "https://security.netapp.com/advisory/ntap-20230427-0007/", + "https://support.apple.com/kb/HT213488", + "https://support.apple.com/kb/HT213489", + "https://support.apple.com/kb/HT213490", + "https://support.apple.com/kb/HT213491", + "https://support.apple.com/kb/HT213493", + "https://support.apple.com/kb/HT213494", + "https://ubuntu.com/security/notices/USN-5570-1", + "https://ubuntu.com/security/notices/USN-5570-2", + "https://ubuntu.com/security/notices/USN-5573-1", + "https://www.cve.org/CVERecord?id=CVE-2022-37434", + "https://www.debian.org/security/2022/dsa-5218" + ], + "PublishedDate": "2022-08-05T07:15:00Z", + "LastModifiedDate": "2023-07-19T00:56:00Z" + } + ] + } +] \ No newline at end of file diff --git a/honeyscanner/passive_attacks/container_security_scanner/container_security_scanner.py b/honeyscanner/passive_attacks/container_security_scanner/container_security_scanner.py index d34d819..43fbc5a 100644 --- a/honeyscanner/passive_attacks/container_security_scanner/container_security_scanner.py +++ b/honeyscanner/passive_attacks/container_security_scanner/container_security_scanner.py 
@@ -14,6 +14,8 @@ class ContainerSecurityScanner:
 def __init__(self, honeypot_owner: str, honeypot_name: str) -> None:
 init(autoreset=True)
 self.honeypot_owner = honeypot_owner
+ if self.honeypot_owner == "DinoTools":
+ self.honeypot_owner = "dinotools"
 self.honeypot_name = honeypot_name
 self.github_repo_url = f"https://github.com/{honeypot_owner}/{honeypot_name}"
 self.local_repo_path = None
diff --git a/honeyscanner/passive_attacks/results/all_cves.txt b/honeyscanner/passive_attacks/results/all_cves.txt
index 7c4b44e..e69de29 100644
--- a/honeyscanner/passive_attacks/results/all_cves.txt
+++ b/honeyscanner/passive_attacks/results/all_cves.txt
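Review bot: The added `if self.honeypot_owner == "DinoTools":` branch in `ContainerSecurityScanner.__init__` hard-codes one owner spelling, so any other mixed-case owner still passes through unchanged and will need its own special case. If the lowercase form is needed because the owner later becomes part of a container image reference (not visible in this hunk, so this is an assumption), the two added lines could be replaced by `self.honeypot_owner = honeypot_owner.lower()`. Note also that `self.github_repo_url` on the following context line is built from the raw `honeypot_owner` parameter, so after this change the attribute and the URL can disagree on casing. A short comment such as `# image references must be lowercase; the GitHub URL keeps the caller's casing` would show whether that is intended. The rest of `__init__` lies outside the hunk.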
@@ -1,336 +0,0 @@ -CVE-2023-0215 -CVE-2023-0401 -CVE-2023-0217 -CVE-2022-3996 -CVE-2023-0216 -CVE-2022-4203 -CVE-2022-4304 -CVE-2023-0286 -CVE-2022-4450 -CVE-2023-2650 -CVE-2023-23931 -CVE-2022-29519 -CVE-2022-30312 -CVE-2022-31204 -CVE-2002-1949 -CVE-2008-4122 -CVE-2008-3289 -CVE-2008-4390 -CVE-2007-5626 -CVE-2004-1852 -CVE-2008-0374 -CVE-2007-4961 -CVE-2007-4786 -CVE-2005-3140 -CVE-2022-30273 -CVE-2022-30320 -CVE-2008-3775 -CVE-2007-4150 -CVE-2007-5460 -CVE-2005-4860 -CVE-2002-2058 -CVE-2008-3188 -CVE-2005-2946 -CVE-2007-6013 -CVE-2019-12799 -CVE-2015-8103 -CVE-2015-4852 -CVE-2013-1465 -CVE-2012-3527 -CVE-2012-0911 -CVE-2011-2520 -CVE-2012-4406 -CVE-2003-0791 -CVE-2019-12496 -CVE-2014-1266 -CVE-2021-22909 -CVE-2008-4989 -CVE-2012-5821 -CVE-2009-3046 -CVE-2011-0199 -CVE-2012-5810 -CVE-2012-3446 -CVE-2009-2408 -CVE-2012-2993 -CVE-2012-5822 -CVE-2012-5819 -CVE-2012-5817 -CVE-2010-1378 -CVE-2005-3170 -CVE-2009-0265 -CVE-2003-1229 -CVE-2002-0862 -CVE-2009-1358 -CVE-2022-21668 -CVE-2020-7218 -CVE-2020-3566 -CVE-2009-2874 -CVE-2009-1928 -CVE-2009-2858 -CVE-2009-2726 -CVE-2009-2540 -CVE-2009-2299 -CVE-2009-2054 -CVE-2008-5180 -CVE-2008-2121 -CVE-2008-2122 -CVE-2008-1700 -CVE-2007-4103 -CVE-2006-1173 -CVE-2007-0897 -CVE-2021-42258 -CVE-2021-27101 -CVE-2020-12271 -CVE-2019-3792 -CVE-2004-0366 -CVE-2008-2790 -CVE-2008-2223 -CVE-2007-6602 -CVE-2008-5817 -CVE-2003-0377 -CVE-2008-2380 -CVE-2017-11508 -CVE-2001-1546 -CVE-2004-2172 -CVE-2002-1682 -CVE-2002-1697 -CVE-2002-1739 -CVE-2005-2281 -CVE-2002-1872 -CVE-2002-1910 -CVE-2002-1946 -CVE-2002-1975 -CVE-2020-10987 -CVE-2020-10221 -CVE-2020-9054 -CVE-1999-0067 -CVE-2001-1246 -CVE-2002-0061 -CVE-2003-0041 -CVE-2008-2575 -CVE-2002-1898 -CVE-2008-4304 -CVE-2008-4796 -CVE-2007-3572 -CVE-2012-1988 -CVE-2022-1304 -CVE-2019-8457 -CVE-2023-29491 -CVE-2021-29921 -CVE-2015-20107 -CVE-2020-10735 -CVE-2021-3737 -CVE-2022-0391 -CVE-2022-42919 -CVE-2022-45061 -CVE-2023-24329 -CVE-2021-3426 -CVE-2021-3733 -CVE-2021-4189 -CVE-2023-27043 
-CVE-2021-31239 -CVE-2023-38325 -CVE-2017-20052 -CVE-2008-1721 -CVE-2008-1887 -CVE-2008-1679 -CVE-2010-1450 -CVE-2010-1449 -CVE-2009-4134 -CVE-2006-4980 -CVE-2018-1000030 -CVE-2018-1000802 -CVE-2014-7185 -CVE-2013-7040 -CVE-2023-36632 -PVE-2021-42393 -CVE-2019-9674 -CVE-2016-1000111 -PVE-2021-34914 -CVE-2019-9512 -CVE-2019-9514 -CVE-2019-9515 -PVE-2021-37040 -CVE-2019-12387 -CVE-2019-12855 -CVE-2020-10108 -CVE-2022-24801 -CVE-2020-10109 -CVE-2014-7143 -CVE-2022-21712 -CVE-2022-39348 -CVE-2018-6594 -CVE-2013-1445 -CVE-2013-7459 -CVE-2020-27350 -CVE-2020-3810 -CVE-2018-12886 -CVE-2019-15847 -CVE-2022-1664 -CVE-2022-1271 -CVE-2021-33574 -CVE-2021-35942 -CVE-2022-23218 -CVE-2022-23219 -CVE-2020-1751 -CVE-2020-1752 -CVE-2020-6096 -CVE-2021-3326 -CVE-2021-3999 -CVE-2016-10228 -CVE-2019-25013 -CVE-2020-10029 -CVE-2020-27618 -CVE-2021-33560 -CVE-2019-13627 -CVE-2021-40528 -CVE-2019-12290 -CVE-2023-2953 -CVE-2021-3520 -CVE-2020-14155 -CVE-2020-16156 -CVE-2023-31484 -CVE-2021-23336 -CVE-2020-35527 -CVE-2019-19603 -CVE-2019-19923 -CVE-2019-19925 -CVE-2019-19959 -CVE-2019-20218 -CVE-2020-13630 -CVE-2020-35525 -CVE-2019-16168 -CVE-2019-19645 -CVE-2019-19924 -CVE-2020-13434 -CVE-2020-13435 -CVE-2020-13631 -CVE-2020-13632 -CVE-2020-15358 -CVE-2021-3711 -CVE-2022-1292 -CVE-2022-2068 -CVE-2020-1967 -CVE-2021-23840 -CVE-2021-3712 -CVE-2022-0778 -CVE-2023-0464 -CVE-2019-1551 -CVE-2020-1971 -CVE-2021-23841 -CVE-2021-3449 -CVE-2021-4160 -CVE-2022-2097 -CVE-2023-0465 -CVE-2023-0466 -CVE-2019-3843 -CVE-2019-3844 -CVE-2020-1712 -CVE-2023-26604 -CVE-2021-33910 -CVE-2021-3997 -CVE-2022-3821 -CVE-2022-4415 -CVE-2021-24031 -CVE-2021-24032 -CVE-2013-7445 -CVE-2019-19449 -CVE-2019-19814 -CVE-2020-12362 -CVE-2020-36385 -CVE-2021-3493 -CVE-2021-38207 -CVE-2021-3847 -CVE-2021-3864 -CVE-2021-4037 -CVE-2022-3176 -CVE-2022-3566 -CVE-2022-39189 -CVE-2022-43945 -CVE-2022-47518 -CVE-2022-47519 -CVE-2022-47520 -CVE-2022-47521 -CVE-2023-0030 -CVE-2023-0386 -CVE-2023-1077 -CVE-2023-1380 -CVE-2023-2007 
-CVE-2023-20938 -CVE-2023-2124 -CVE-2023-28466 -CVE-2023-3090 -CVE-2023-3111 -CVE-2023-32233 -CVE-2023-3268 -CVE-2023-3338 -CVE-2023-3390 -CVE-2023-3397 -CVE-2023-35001 -CVE-2023-35788 -CVE-2023-35827 -CVE-2023-3640 -CVE-2019-15213 -CVE-2019-15794 -CVE-2019-16089 -CVE-2019-20794 -CVE-2020-12363 -CVE-2020-12364 -CVE-2020-14304 -CVE-2020-16120 -CVE-2020-26141 -CVE-2020-26145 -CVE-2020-26541 -CVE-2020-27835 -CVE-2020-36310 -CVE-2020-36691 -CVE-2020-36694 -CVE-2021-33061 -CVE-2021-3669 -CVE-2021-3759 -CVE-2021-44879 -CVE-2022-0480 -CVE-2022-1184 -CVE-2022-1280 -CVE-2022-21499 -CVE-2022-27672 -CVE-2022-29900 -CVE-2022-3061 -CVE-2022-3108 -CVE-2022-3115 -CVE-2022-3169 -CVE-2022-3303 -CVE-2022-3344 -CVE-2022-3523 -CVE-2022-3567 -CVE-2022-3903 -CVE-2022-4129 -CVE-2022-4269 -CVE-2022-4382 -CVE-2022-4543 -CVE-2023-0160 -CVE-2023-0590 -CVE-2023-0597 -CVE-2023-1076 -CVE-2023-1192 -CVE-2023-1206 -CVE-2023-1249 -CVE-2023-1582 -CVE-2023-2002 -CVE-2023-2177 -CVE-2023-2269 -CVE-2023-3006 -CVE-2023-3022 -CVE-2023-31082 -CVE-2023-31083 -CVE-2023-31084 -CVE-2023-3212 -CVE-2023-33288 -CVE-2023-37453 -CVE-2023-37454 -CVE-2022-29458 -GHSA-32gv-6cf3-wcmq -GHSA-8r99-h8j2-rw64 -CVE-2021-3572 -CVE-2022-40897 -CVE-2022-40898 diff --git a/honeyscanner/passive_attacks/results/metasploit_modules.txt b/honeyscanner/passive_attacks/results/metasploit_modules.txt index 9377576..e69de29 100644 --- a/honeyscanner/passive_attacks/results/metasploit_modules.txt +++ b/honeyscanner/passive_attacks/results/metasploit_modules.txt @@ -1,2 +0,0 @@ -exploit/multi/http/shopware_createinstancefromnamedarguments_rce -exploit/linux/misc/jenkins_java_deserialize diff --git a/honeyscanner/passive_attacks/static_analyzer/analysis_results/dionaea_0.11.0_analysis.json b/honeyscanner/passive_attacks/static_analyzer/analysis_results/dionaea_0.11.0_analysis.json new file mode 100644 index 0000000..72e8845 --- /dev/null +++ b/honeyscanner/passive_attacks/static_analyzer/analysis_results/dionaea_0.11.0_analysis.json 
@@ -0,0 +1,441 @@ +{ + "0.11.0": { + "summary": { + "high_severity": 9, + "medium_severity": 12 + }, + "results": [ + { + "code": "201 host = self.host\n202 if host == \"0.0.0.0\":\n203 host = self.ctrl.local.host\n", + "col_offset": 23, + "end_col_offset": 32, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/modules/python/dionaea/ftp_download.py", + "issue_confidence": "MEDIUM", + "issue_cwe": { + "id": 605, + "link": "https://cwe.mitre.org/data/definitions/605.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Possible binding to all interfaces.", + "line_number": 202, + "line_range": [ + 202 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b104_hardcoded_bind_all_interfaces.html", + "test_id": "B104", + "test_name": "hardcoded_bind_all_interfaces" + }, + { + "code": "98 def msgauth(rand, ident, secret):\n99 auth_hash = hashlib.sha1(bytes(rand)+secret).digest()\n100 return msghdr(OP_AUTH, strpack8(ident) + auth_hash)\n", + "col_offset": 16, + "end_col_offset": 48, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/modules/python/dionaea/hpfeeds.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 327, + "link": "https://cwe.mitre.org/data/definitions/327.html" + }, + "issue_severity": "HIGH", + "issue_text": "Use of weak SHA1 hash for security. 
Consider usedforsecurity=False", + "line_number": 99, + "line_range": [ + 99 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b324_hashlib.html", + "test_id": "B324", + "test_name": "hashlib" + }, + { + "code": "301 \n302 self.global_template = jinja2.Environment(\n303 loader=jinja2.FileSystemLoader(tpl_path)\n304 )\n305 self.file_template = jinja2.Environment(\n", + "col_offset": 31, + "end_col_offset": 9, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/modules/python/dionaea/http.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 94, + "link": "https://cwe.mitre.org/data/definitions/94.html" + }, + "issue_severity": "HIGH", + "issue_text": "By default, jinja2 sets autoescape to False. Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.", + "line_number": 302, + "line_range": [ + 302, + 303, + 304 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b701_jinja2_autoescape_false.html", + "test_id": "B701", + "test_name": "jinja2_autoescape_false" + }, + { + "code": "304 )\n305 self.file_template = jinja2.Environment(\n306 loader=jinja2.FileSystemLoader(self.root)\n307 )\n308 tpl_cfg = config.get(\"templates\")\n", + "col_offset": 29, + "end_col_offset": 9, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/modules/python/dionaea/http.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 94, + "link": "https://cwe.mitre.org/data/definitions/94.html" + }, + "issue_severity": "HIGH", + "issue_text": "By default, jinja2 sets autoescape to False. 
Consider using autoescape=True or use the select_autoescape function to mitigate XSS vulnerabilities.", + "line_number": 305, + "line_range": [ + 305, + 306, + 307 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b701_jinja2_autoescape_false.html", + "test_id": "B701", + "test_name": "jinja2_autoescape_false" + }, + { + "code": "57 # ToDo: parse response\n58 response = urlopen(req)\n59 \n", + "col_offset": 19, + "end_col_offset": 31, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/modules/python/dionaea/log_incident.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 22, + "link": "https://cwe.mitre.org/data/definitions/22.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.", + "line_number": 58, + "line_range": [ + 58 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b310-urllib-urlopen", + "test_id": "B310", + "test_name": "blacklist" + }, + { + "code": "56 # ToDo: parse response\n57 response = urlopen(req)\n58 # Debug:\n", + "col_offset": 19, + "end_col_offset": 31, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/modules/python/dionaea/log_json.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 22, + "link": "https://cwe.mitre.org/data/definitions/22.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Audit url open for permitted schemes. 
Allowing use of file:/ or custom schemes is often unexpected.", + "line_number": 57, + "line_range": [ + 57 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b310-urllib-urlopen", + "test_id": "B310", + "test_name": "blacklist" + }, + { + "code": "31 self.session = tempfile.NamedTemporaryFile(\n32 delete=False, prefix='mssql_session-', dir=\"/tmp/\")\n33 else:\n", + "col_offset": 59, + "end_col_offset": 66, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/modules/python/dionaea/mssql/mssql.py", + "issue_confidence": "MEDIUM", + "issue_cwe": { + "id": 377, + "link": "https://cwe.mitre.org/data/definitions/377.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Probable insecure usage of temp file/directory.", + "line_number": 32, + "line_range": [ + 32 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b108_hardcoded_tmp_directory.html", + "test_id": "B108", + "test_name": "hardcoded_tmp_directory" + }, + { + "code": "2557 ],\n2558 \"value_default\": \"/tmp/mysql.sock\"\n2559 }\n2560 },\n2561 {\n2562 \"name\": \"sort_buffer_size\",\n2563 \"type\": \"integer\",\n2564 \"type_options\": {\n2565 \"dynamic\": True,\n", + "col_offset": 29, + "end_col_offset": 46, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/modules/python/dionaea/mysql/var.py", + "issue_confidence": "MEDIUM", + "issue_cwe": { + "id": 377, + "link": "https://cwe.mitre.org/data/definitions/377.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Probable insecure usage of temp file/directory.", + "line_number": 2558, + "line_range": [ + 2553, + 2554, + 2555, + 2556, + 2557, + 2558, + 2559 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b108_hardcoded_tmp_directory.html", + "test_id": "B108", + "test_name": 
"hardcoded_tmp_directory" + }, + { + "code": "145 # :See: http://tools.ietf.org/html/rfc2617#page-10\n146 H = lambda d: bytes(hashlib.md5(d).hexdigest(), \"utf-8\")\n147 KD = lambda secret, data: H(secret + b\":\" + data)\n", + "col_offset": 20, + "end_col_offset": 34, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/modules/python/dionaea/sip/rfc2617.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 327, + "link": "https://cwe.mitre.org/data/definitions/327.html" + }, + "issue_severity": "HIGH", + "issue_text": "Use of weak MD5 hash for security. Consider usedforsecurity=False", + "line_number": 146, + "line_range": [ + 146 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b324_hashlib.html", + "test_id": "B324", + "test_name": "hashlib" + }, + { + "code": "642 xor_output = xor(self.buf2, key)\n643 hash_buf2 = hashlib.md5(self.buf2);\n644 smblog.info('DoublePulsar payload - MD5 (before XOR decryption): %s' % (hash_buf2.hexdigest()))\n", + "col_offset": 32, + "end_col_offset": 54, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/modules/python/dionaea/smb/smb.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 327, + "link": "https://cwe.mitre.org/data/definitions/327.html" + }, + "issue_severity": "HIGH", + "issue_text": "Use of weak MD5 hash for security. 
Consider usedforsecurity=False", + "line_number": 643, + "line_range": [ + 643 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b324_hashlib.html", + "test_id": "B324", + "test_name": "hashlib" + }, + { + "code": "644 smblog.info('DoublePulsar payload - MD5 (before XOR decryption): %s' % (hash_buf2.hexdigest()))\n645 hash_xor_output = hashlib.md5(xor_output);\n646 smblog.info('DoublePulsar payload - MD5 (after XOR decryption ): %s' % (hash_xor_output.hexdigest()))\n", + "col_offset": 38, + "end_col_offset": 61, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/modules/python/dionaea/smb/smb.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 327, + "link": "https://cwe.mitre.org/data/definitions/327.html" + }, + "issue_severity": "HIGH", + "issue_text": "Use of weak MD5 hash for security. Consider usedforsecurity=False", + "line_number": 645, + "line_range": [ + 645 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b324_hashlib.html", + "test_id": "B324", + "test_name": "hashlib" + }, + { + "code": "1108 x = parse.urlsplit(url[1:])\n1109 if x.netloc == '0.0.0.0':\n1110 logger.info(\"Discarding download from INADDR_ANY\")\n", + "col_offset": 27, + "end_col_offset": 36, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/modules/python/dionaea/tftp.py", + "issue_confidence": "MEDIUM", + "issue_cwe": { + "id": 605, + "link": "https://cwe.mitre.org/data/definitions/605.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Possible binding to all interfaces.", + "line_number": 1109, + "line_range": [ + 1109 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b104_hardcoded_bind_all_interfaces.html", + "test_id": "B104", + "test_name": "hardcoded_bind_all_interfaces" + }, + { + "code": "24 \"\"\"\n25 return 
hashfile(filename, hashlib.md5())\n26 \n", + "col_offset": 30, + "end_col_offset": 43, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/modules/python/dionaea/util.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 327, + "link": "https://cwe.mitre.org/data/definitions/327.html" + }, + "issue_severity": "HIGH", + "issue_text": "Use of weak MD5 hash for security. Consider usedforsecurity=False", + "line_number": 25, + "line_range": [ + 25 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b324_hashlib.html", + "test_id": "B324", + "test_name": "hashlib" + }, + { + "code": "46 create_table = \"CREATE TABLE %s ( %s )\" % (table, cols2)\n47 insert_into = \"INSERT INTO %s (%s) VALUES (%s) \" % (\n48 table, cols, ','.join(['?' for i in colnames]))\n49 \n", + "col_offset": 22, + "end_col_offset": 56, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/modules/python/util/csv2sqlite.py", + "issue_confidence": "LOW", + "issue_cwe": { + "id": 89, + "link": "https://cwe.mitre.org/data/definitions/89.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Possible SQL injection vector through string-based query construction.", + "line_number": 47, + "line_range": [ + 47, + 48 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b608_hardcoded_sql_expressions.html", + "test_id": "B608", + "test_name": "hardcoded_sql_expressions" + }, + { + "code": "524 \n525 os.system(\"gnuplot {}\".format(filename_gnuplot))\n526 \n", + "col_offset": 8, + "end_col_offset": 56, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/modules/python/util/gnuplotsql.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" 
+ }, + "issue_severity": "HIGH", + "issue_text": "Starting a process with a shell, possible injection detected, security issue.", + "line_number": 525, + "line_range": [ + 525 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b605_start_process_with_a_shell.html", + "test_id": "B605", + "test_name": "start_process_with_a_shell" + }, + { + "code": "531 parser.add_option(\"-D\", \"--destination\", action=\"store\",\n532 type=\"string\", dest=\"destination\", default=\"/tmp/dionaea-gnuplot\")\n533 parser.add_option(\"-t\", \"--tempfile\", action=\"store\", type=\"string\",\n", + "col_offset": 65, + "end_col_offset": 87, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/modules/python/util/gnuplotsql.py", + "issue_confidence": "MEDIUM", + "issue_cwe": { + "id": 377, + "link": "https://cwe.mitre.org/data/definitions/377.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Probable insecure usage of temp file/directory.", + "line_number": 532, + "line_range": [ + 532 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b108_hardcoded_tmp_directory.html", + "test_id": "B108", + "test_name": "hardcoded_tmp_directory" + }, + { + "code": "533 parser.add_option(\"-t\", \"--tempfile\", action=\"store\", type=\"string\",\n534 dest=\"tempfile\", default=\"/tmp/dionaea-gnuplotsql.data\")\n535 parser.add_option('-p', '--protocol', dest='protocols',\n", + "col_offset": 47, + "end_col_offset": 77, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/modules/python/util/gnuplotsql.py", + "issue_confidence": "MEDIUM", + "issue_cwe": { + "id": 377, + "link": "https://cwe.mitre.org/data/definitions/377.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Probable insecure usage of temp file/directory.", + "line_number": 534, + "line_range": [ + 534 + ], + 
"more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b108_hardcoded_tmp_directory.html", + "test_id": "B108", + "test_name": "hardcoded_tmp_directory" + }, + { + "code": "18 \n19 pg.execute(\"DELETE FROM {0}\".format(dst['table']))\n20 offset = 0\n", + "col_offset": 15, + "end_col_offset": 32, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/modules/python/util/logsql2postgres.py", + "issue_confidence": "MEDIUM", + "issue_cwe": { + "id": 89, + "link": "https://cwe.mitre.org/data/definitions/89.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Possible SQL injection vector through string-based query construction.", + "line_number": 19, + "line_range": [ + 19 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b608_hardcoded_sql_expressions.html", + "test_id": "B608", + "test_name": "hardcoded_sql_expressions" + }, + { + "code": "137 cursor = dbh.cursor()\n138 query = \"UPDATE {:s} SET {:s}=CAST(gencc({:s}) AS INTEGER)\".format(\n139 args.table,args.num_col,args.type_col)\n", + "col_offset": 12, + "end_col_offset": 63, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/modules/python/util/updateccs.py", + "issue_confidence": "LOW", + "issue_cwe": { + "id": 89, + "link": "https://cwe.mitre.org/data/definitions/89.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Possible SQL injection vector through string-based query construction.", + "line_number": 138, + "line_range": [ + 138 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b608_hardcoded_sql_expressions.html", + "test_id": "B608", + "test_name": "hardcoded_sql_expressions" + }, + { + "code": "282 if remote_host == \"\" or remote_host is None:\n283 remote_host = \"0.0.0.0\"\n284 if dbh is not None:\n", + "col_offset": 26, + "end_col_offset": 35, + "filename": 
"/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/modules/python/util/xmpp/pg_backend.py", + "issue_confidence": "MEDIUM", + "issue_cwe": { + "id": 605, + "link": "https://cwe.mitre.org/data/definitions/605.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Possible binding to all interfaces.", + "line_number": 283, + "line_range": [ + 283 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b104_hardcoded_bind_all_interfaces.html", + "test_id": "B104", + "test_name": "hardcoded_bind_all_interfaces" + }, + { + "code": "160 \tdef hash(s):\n161 \t\treturn hashlib.md5(s.encode('utf-8')).hexdigest()\n162 \n", + "col_offset": 9, + "end_col_offset": 39, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/dionaea-0.11.0/tests/sip/functional-test-sip.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 327, + "link": "https://cwe.mitre.org/data/definitions/327.html" + }, + "issue_severity": "HIGH", + "issue_text": "Use of weak MD5 hash for security. Consider usedforsecurity=False", + "line_number": 161, + "line_range": [ + 161 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b324_hashlib.html", + "test_id": "B324", + "test_name": "hashlib" + } + ] + } +} \ No newline at end of file diff --git a/honeyscanner/passive_attacks/vuln_analyzer/analysis_results/dionaea-0.11.0-vulnerabilities.json b/honeyscanner/passive_attacks/vuln_analyzer/analysis_results/dionaea-0.11.0-vulnerabilities.json new file mode 100644 index 0000000..ff66598 --- /dev/null +++ b/honeyscanner/passive_attacks/vuln_analyzer/analysis_results/dionaea-0.11.0-vulnerabilities.json 
@@ -0,0 +1,15 @@ +{ + "0.11.0": { + "pyyaml": [ + { + "name": "pyyaml", + "installed_version": "5.3.1", + "affected_versions": "<5.4", + "cve": "CVE-2020-14343", + "vulnerability_id": "pyup.io-39611", + "advisory": "Pyyaml version 5.4 includes a fix for CVE-2020-14343: A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1860466", + "cvss_score": 9.8 + } + ] + } +} \ No newline at end of file diff --git a/honeyscanner/passive_attacks/vuln_analyzer/requirements_files/dionaea-0.11.0-requirements.txt b/honeyscanner/passive_attacks/vuln_analyzer/requirements_files/dionaea-0.11.0-requirements.txt new file mode 100644 index 0000000..52a5307 --- /dev/null +++ b/honeyscanner/passive_attacks/vuln_analyzer/requirements_files/dionaea-0.11.0-requirements.txt @@ -0,0 +1,3 @@ +bson==0.5.10 +pyyaml==5.3.1 +boto3==1.16.25 \ No newline at end of file diff --git a/honeyscanner/passive_attacks/vuln_analyzer/vuln_analyzer.py b/honeyscanner/passive_attacks/vuln_analyzer/vuln_analyzer.py index c4e22ee..1f7419b 100644 --- a/honeyscanner/passive_attacks/vuln_analyzer/vuln_analyzer.py +++ b/honeyscanner/passive_attacks/vuln_analyzer/vuln_analyzer.py 
@@ -127,7 +127,7 @@ def get_release_date(self, version_tag):
 try:
 release = self.repo.get_release(version_tag)
 return release.published_at.date()
- except github.GithubException.UnknownObjectException:
+ except Exception as e:
 print(f"\nRelease not found for tag: {version_tag}\n")
 # If not found then use the current datetime as the release date, otherwise use return None
 return datetime.datetime.now().date()
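Review bot: `except Exception as e:` in get_release_date now treats every failure of `self.repo.get_release(version_tag)` as "Release not found" and substitutes today's date, and `e` is never used. An expired token, a rate limit or a network error would therefore yield a release date of today with no hint of the real cause, which presumably skews whatever the vulnerability analysis derives from that date. Prefer catching the specific PyGithub error, `except github.UnknownObjectException:`, and if a broad fallback is still wanted, report the cause with `print(f"\nCould not fetch release {version_tag}: {e}\n")`. The function's `def` line is only visible in the hunk header, so the rest of its body is outside this hunk.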
@@ -311,71 +311,3 @@ def generate_summary(self, vulnerabilities): summary_text += f" - {severity_color} {vuln.vulnerability_id} - {vuln.affected_versions} - {vuln.cve} - CVSS: {vuln.cvss_score}\n" summary_text += "\n" return summary_text - - - # Functions for the patch_manager - Not tested yet - # ------------------------------------------------ - # - # def get_suggested_upgrades(self, vulnerabilities): - # """ - # Get suggested upgrades for vulnerable libraries. - - # :param vulnerabilities: Dictionary of vulnerable libraries and their vulnerability information - # :return: Dictionary of suggested upgrades - # """ - # suggested_upgrades = {} - # for library, vuln_list in vulnerabilities.items(): - # current_version = vuln_list[0]['installed_version'] - # safe_versions = set() - # for vuln in vuln_list: - # affected_versions = SpecifierSet(vuln['affected_versions']) - # # If the current version is not affected, add it to the safe versions - # safe_versions |= set(str(v) for v in (affected_versions & SpecifierSet(f">={current_version}"))) - # if safe_versions: - # suggested_upgrades[library] = str(sorted(safe_versions, key=pkg_version_parse)[-1]) - # return suggested_upgrades - - # def find_latest_requirements_file(self): - # """ - # Find the latest requirements file in the requirements_files directory. - - # :return: File name of the latest requirements file - # """ - # files = os.listdir(self.requirements_files_path) - # return max(files, key=lambda x: pkg_version_parse(x.split('-')[1])) - - # def apply_library_upgrades(self, requirements_file, suggested_upgrades): - # """ - # Apply the suggested library upgrades to the requirements file. 
- - # :param requirements_file: Name of the requirements file - # :param suggested_upgrades: Dictionary of suggested upgrades - # :return: None - # """ - # with open(os.path.join(self.requirements_files_path, requirements_file), "r") as f: - # requirements = [pkg_resources.Requirement.parse(line) for line in f.readlines()] - - # updated_requirements = [] - # for req in requirements: - # if req.name in suggested_upgrades: - # updated_requirements.append(pkg_resources.Requirement.parse(f"{req.name}=={suggested_upgrades[req.name]}")) - # else: - # updated_requirements.append(req) - - # return updated_requirements - - # def check_vulnerabilities(self, requirements): - # """ - # Check for vulnerable libraries in the given requirements. - - # :param requirements: List of pkg_resources.Requirement objects - # :return: Dictionary of vulnerable libraries and their vulnerability information - # """ - # vulnerabilities = {} - # for req in requirements: - # package_str = f"{req.name}=={req.specs[0][1]}" - # library_vulnerabilities = self.process_vulnerabilities([package_str]) - # if library_vulnerabilities: - # vulnerabilities[req.name] = library_vulnerabilities[req.name] - # return vulnerabilities - diff --git a/honeyscanner/reports/report_dionaea_passive.txt b/honeyscanner/reports/report_dionaea_passive.txt new file mode 100644 index 0000000..ebce2ea --- /dev/null +++ b/honeyscanner/reports/report_dionaea_passive.txt 
@@ -0,0 +1,87 @@ + + + ___ ___ + / | \ ____ ____ ____ ___.__. ______ ____ _____ ____ ____ ___________ +/ ~ \/ _ \ / \_/ __ < | |/ ___// ___\\__ \ / \ / \_/ __ \_ __ \ +\ Y ( <_> ) | \ ___/\___ |\___ \\ \___ / __ \| | \ | \ ___/| | \/ + \___|_ / \____/|___| /\___ > ____/____ >\___ >____ /___| /___| /\___ >__| + \/ \/ \/\/ \/ \/ \/ \/ \/ \/ + + + +Security Assessment of dionaea Honeypot, Version: 0.11.0 +Honeypot IP: 127.0.0.1 +Honeypot Port: 2323 +Date of Assessment: 2023-07-31 01:30:43 +Report Summary +Passive Attacks Results: +======================== +Honeypot Passive Attack Report +============================== + +Target: 127.0.0.1:2323 + +VulnerableLibrariesAnalyzer: + +Vulnerability Analysis Summary: +pyyaml + - Red pyup.io-39611 - <5.4 - CVE-2020-14343 - CVSS: 9.8 + + + +StaticAnalyzer: +High Severity: 9 +Medium Severity: 12 + + +ContainerSecurityScanner: +Scan Summary + +Vulnerabilities in dinotools/dionaea (ubuntu 18.04): +MEDIUM: 247 +HIGH: 16 +CRITICAL: 0 + +Secrets in dinotools/dionaea (ubuntu 18.04): +MEDIUM: 0 +HIGH: 0 +CRITICAL: 0 + + + +Active Attacks Results: +======================= +None +Overall Score: +============== +TODO: Add overall score + + +Successful Attacks: +=================== +TODO: Add successful attacks + + +Failed Attacks: +================ +TODO: Add failed attacks + + +Attack Success Rate: +==================== +TODO: Add attack success rate + + +Total Potential CVEs: 450 + + +Actionable Recommendations: +=========================== +TODO: Add actionable recommendations + + +Detailed Report: +================ +TODO: Add detailed report + + From dcac12b2927da4cf4aa781eb0be0afde8aa47e4c Mon Sep 17 00:00:00 2001 
From: Aristofanis Chionis Date: Mon, 31 Jul 2023 21:35:03 +0200 Subject: [PATCH 2/3] ADD: support conpot --- README.md | 10 +- honeyscanner/core.py | 7 +- honeyscanner/honeypots/__init__.py | 3 +- honeyscanner/honeypots/conpot.py | 64 ++ honeyscanner/honeypots/dionaea.py | 2 +- honeyscanner/main.py | 4 +- .../trivy_scan_results_conpot.json | 80 ++ .../passive_attacks/results/all_cves.txt | 495 +++++++++ .../conpot_0.2.1_analysis.json | 190 ++++ .../analysis_results/conpot_0.2_analysis.json | 190 ++++ .../conpot_Release_0.5.2_analysis.json | 610 +++++++++++ .../conpot_Release_0.6.0_analysis.json | 978 ++++++++++++++++++ .../static_analyzer/static_analyzer.py | 3 + .../conpot-0.2-vulnerabilities.json | 3 + .../conpot-0.2.1-vulnerabilities.json | 3 + .../conpot-0.5.2-vulnerabilities.json | 173 ++++ .../conpot-0.6.0-vulnerabilities.json | 182 ++++ .../conpot-0.2-requirements.txt | 5 + .../conpot-0.2.1-requirements.txt | 5 + .../conpot-0.5.2-requirements.txt | 27 + .../conpot-0.6.0-requirements.txt | 34 + .../vuln_analyzer/vuln_analyzer.py | 2 + honeyscanner/reports/report.txt | 127 +++ 23 files changed, 3188 insertions(+), 9 deletions(-) create mode 100644 honeyscanner/honeypots/conpot.py create mode 100644 honeyscanner/passive_attacks/container_security_scanner/analysis_results/trivy_scan_results_conpot.json create mode 100644 honeyscanner/passive_attacks/static_analyzer/analysis_results/conpot_0.2.1_analysis.json create mode 100644 honeyscanner/passive_attacks/static_analyzer/analysis_results/conpot_0.2_analysis.json create mode 100644 honeyscanner/passive_attacks/static_analyzer/analysis_results/conpot_Release_0.5.2_analysis.json create mode 100644 honeyscanner/passive_attacks/static_analyzer/analysis_results/conpot_Release_0.6.0_analysis.json create mode 100644 honeyscanner/passive_attacks/vuln_analyzer/analysis_results/conpot-0.2-vulnerabilities.json create mode 100644 honeyscanner/passive_attacks/vuln_analyzer/analysis_results/conpot-0.2.1-vulnerabilities.json 
create mode 100644 honeyscanner/passive_attacks/vuln_analyzer/analysis_results/conpot-0.5.2-vulnerabilities.json create mode 100644 honeyscanner/passive_attacks/vuln_analyzer/analysis_results/conpot-0.6.0-vulnerabilities.json create mode 100644 honeyscanner/passive_attacks/vuln_analyzer/requirements_files/conpot-0.2-requirements.txt create mode 100644 honeyscanner/passive_attacks/vuln_analyzer/requirements_files/conpot-0.2.1-requirements.txt create mode 100644 honeyscanner/passive_attacks/vuln_analyzer/requirements_files/conpot-0.5.2-requirements.txt create mode 100644 honeyscanner/passive_attacks/vuln_analyzer/requirements_files/conpot-0.6.0-requirements.txt create mode 100644 honeyscanner/reports/report.txt diff --git a/README.md b/README.md index 518f399..b9dfb44 100644 --- a/README.md +++ b/README.md 
@@ -63,14 +63,17 @@ The following instructions will guide you through the process of setting up Hone - If you prefer to test Honeyscanner against [Kippo](https://github.com/desaster/kippo), you can use the following Docker Image in DockerHub [here](https://hub.docker.com/r/aristofanischionis/kippo). -- For testing Honeyscanner against [Dionaea](https://github.com/DinoTools/dionaea), use the following Docker Image in DockerHub [here](https://hub.docker.com/r/dinotools/dionaea). +- For testing Honeyscanner against [Dionaea](https://github.com/DinoTools/dionaea), use the following Docker Image in DockerHub [here](https://hub.docker.com/r/dinotools/dionaea). + +- For testing Honeyscanner against [Conpot](https://github.com/mushorg/conpot), use the following Docker Image in DockerHub [here](https://hub.docker.com/r/honeynet/conpot). - After running a Honeypot using Docker containers locally, you will be able to specify the following parameters: `--target_ip 127.0.0.1 --port 2222` when running the Honeyscanner. > **__NOTE__:** NEVER RUN `Honeyscanner` AGAINST HONEYPOTS YOU DO NOT OWN, OR YOU DO NOT HAVE EXPLICIT PERMISSION TO TEST. -> **__NOTE__:** Currently `Honeyscanner` cannot actively attack the `Dionaea` honeypot, it can only use its passive scanners and discover vulnerabilities and CVEs. +> **__NOTE__:** Currently `Honeyscanner` cannot actively attack the `Dionaea` and the `Conpot` honeypots, it can only use its passive scanners and discover vulnerabilities and CVEs on them. +> **__NOTE__:** For `Dionaea` only version 0.11.0 is supported at this stage of `Honeyscanner`. For `Conpot`, all versions up to `0.6.0` are supported. ## Usage Use the following examples as a reference for how to run `Honeyscanner`: 
@@ -84,6 +87,9 @@ python3 main.py --honeypot kippo --honeypot_version 0.9 --target_ip 127.0.0.1 -- ```bash python3 main.py --honeypot dionaea --honeypot_version 0.11.0 --target_ip 127.0.0.1 --port 2323 ``` +```bash +python3 main.py --honeypot conpot --honeypot_version 0.6.0 --target_ip 127.0.0.1 --port 2323 +``` ## Contributors diff --git a/honeyscanner/core.py b/honeyscanner/core.py index c48a916..cad1be6 100644 --- a/honeyscanner/core.py +++ b/honeyscanner/core.py @@ -1,4 +1,4 @@ -from honeypots import Cowrie, Kippo, Dionaea +from honeypots import Cowrie, Kippo, Dionaea, Conpot from passive_attacks import AttackOrchestrator as PassiveAttackOrchestrator from active_attacks import AttackOrchestrator as ActiveAttackOrchestrator from report_generator import ReportGenerator @@ -17,6 +17,7 @@ def create_honeypot(self, honeypot_type, honeypot_version, honeypot_ip, honeypot 'cowrie': Cowrie, 'kippo': Kippo, 'dionaea': Dionaea, + 'conpot': Conpot } if honeypot_type not in honeypot_class_map: supported_honeypots = ', '.join(honeypot_class_map.keys()) @@ -27,8 +28,8 @@ def run_all_attacks(self): # Passive attacks self.passive_attack_orchestrator.run_attacks() self.passive_attack_results = self.passive_attack_orchestrator.generate_report() - if (self.honeypot.name == "dionaea"): - print("Dionaea does not support active attacks yet, stay tuned for updates! Bye!") + if (self.honeypot.name == "dionaea" or self.honeypot.name == "conpot"): + print("Dionaea and Conpot do not support active attacks yet, stay tuned for updates!") return # Active attacks self.active_attack_orchestrator.run_attacks() diff --git a/honeyscanner/honeypots/__init__.py b/honeyscanner/honeypots/__init__.py index f4542ec..cb71165 100644 --- a/honeyscanner/honeypots/__init__.py +++ b/honeyscanner/honeypots/__init__.py 
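Review bot: The skip condition `if (self.honeypot.name == "dionaea" or self.honeypot.name == "conpot"):` in run_all_attacks of core.py is an exclusion list, so a honeypot later added to `honeypot_class_map` gets the active attacks by default unless this line is edited as well. A membership test keeps the names in one place, `if self.honeypot.name in ("dionaea", "conpot"):`, and a per-class flag on the honeypot would make passive-only an explicit property instead of a string match. The printed message also names both honeypots whichever one was selected. run_all_attacks continues past the end of the hunk.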
@@ -1,3 +1,4 @@
 from .cowrie import Cowrie
 from .kippo import Kippo
-from .dionaea import Dionaea
\ No newline at end of file
+from .dionaea import Dionaea
+from .conpot import Conpot
\ No newline at end of file
diff --git a/honeyscanner/honeypots/conpot.py b/honeyscanner/honeypots/conpot.py
new file mode 100644
index 0000000..bb73571
--- /dev/null
+++ b/honeyscanner/honeypots/conpot.py
@@ -0,0 +1,64 @@
+from .base_honeypot import BaseHoneypot
+
+class Conpot(BaseHoneypot):
+ def __init__(self, version, ip, port, username='', password=''):
+ if username is None:
+ username = ''
+ if password is None:
+ password = ''
+ super().__init__("conpot", version, ip, port, username, password)
+
+ def set_source_code_url(self):
+ return "https://github.com/mushorg/conpot/archive/refs/tags"
+
+ def set_versions_list(self):
+ return [
+ {
+ "version": "0.6.0",
+ "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/Release_0.6.0/requirements.txt",
+ },
+ {
+ "version": "0.5.2",
+ "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/Release_0.5.2/requirements.txt",
+ },
+ {
+ "version": "0.5.1",
+ "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/Release_0.5.1/requirements.txt",
+ },
+ {
+ "version": "0.5.0",
+ "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/Release_0.5.0/requirements.txt",
+ },
+ {
+ "version": "0.4.0",
+ "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/Release_0.4.0/requirements.txt",
+ },
+ {
+ "version": "0.3.1",
+ "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/Release_0.3.1/requirements.txt",
+ },
+ {
+ "version": "0.3.0",
+ "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/Release_0.3.0/requirements.txt",
+ },
+ # NO Release_ used in front of the version from here on
+ {
+ "version": "0.2.2",
+ "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/0.2.2/requirements.txt",
+ },
+ {
+ "version": "0.2.2",
+ "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/0.2.2/requirements.txt",
+ },
+ {
+ "version": "0.2.1",
+ "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/0.2.1/requirements.txt",
+ },
+ {
+ "version": "0.2",
+ "requirements_url": "https://raw.githubusercontent.com/mushorg/conpot/0.2/requirements.txt",
+ }
+ ]
+
+ def set_owner(self):
+ return 
"mushorg" \ No newline at end of file diff --git a/honeyscanner/honeypots/dionaea.py b/honeyscanner/honeypots/dionaea.py index 80fcc67..c2d5e8f 100644 --- a/honeyscanner/honeypots/dionaea.py +++ b/honeyscanner/honeypots/dionaea.py @@ -2,7 +2,7 @@ class Dionaea(BaseHoneypot): def __init__(self, version, ip, port, username='', password=''): - # Dionaee does not have a default username and password + # Dionaea does not have a default username and password if username is None: username = '' if password is None: diff --git a/honeyscanner/main.py b/honeyscanner/main.py index 176da15..bc94378 100644 --- a/honeyscanner/main.py +++ b/honeyscanner/main.py @@ -29,8 +29,8 @@ def parse_arguments(): "--honeypot", type=sanitize_string, required=True, - choices=["cowrie", "kippo", "dionaea"], - help="Honeypot to analyze, currently supported: (cowrie, kippo and dionaea)", + choices=["cowrie", "kippo", "dionaea", "conpot"], + help="Honeypot to analyze, currently supported: (cowrie, kippo, dionaea and conpot)", ) parser.add_argument( "--honeypot_version", diff --git a/honeyscanner/passive_attacks/container_security_scanner/analysis_results/trivy_scan_results_conpot.json b/honeyscanner/passive_attacks/container_security_scanner/analysis_results/trivy_scan_results_conpot.json new file mode 100644 index 0000000..caea77a --- /dev/null +++ b/honeyscanner/passive_attacks/container_security_scanner/analysis_results/trivy_scan_results_conpot.json 
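Review bot: `set_versions_list` in conpot.py lists version `"0.2.2"` twice with the same `requirements_url`, directly under the `# NO Release_ used in front of the version from here on` comment; one of the two entries should be removed, or replaced if a different release was meant. Each `requirements_url` points at a tag name on raw.githubusercontent.com, and a tag can be moved after the fact, so the requirements file the vulnerability analysis reads is not pinned to fixed content; recording the commit hash per version would address that, though how the URL is consumed is outside this hunk. The class and its three `set_*` methods have no docstrings saying what each return value is used for.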
@@ -0,0 +1,80 @@ +[ + { + "Target": "conpot/templates/default/ssl/ssl.key", + "Class": "secret", + "Secrets": [ + { + "RuleID": "private-key", + "Category": "AsymmetricPrivateKey", + "Severity": "HIGH", + "Title": "Asymmetric Private Key", + "StartLine": 1, + "EndLine": 1, + "Code": { + "Lines": [ + { + "Number": 1, + "Content": "-----BEGIN RSA PRIVATE KEY-----******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE 
KEY-----", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "-----BEGIN RSA PRIVATE KEY-----******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE KEY-----", + "FirstCause": true, + "LastCause": true + }, + { + "Number": 2, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + } + ] + }, + "Match": "----BEGIN RSA 
PRIVATE KEY-----******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE", + "Layer": {} + } + ] + }, + { + "Target": "conpot/templates/kamstrup_382/ssl/ssl.key", + "Class": "secret", + "Secrets": [ + { + "RuleID": "private-key", + "Category": "AsymmetricPrivateKey", + "Severity": "HIGH", + "Title": "Asymmetric Private Key", + "StartLine": 1, + "EndLine": 1, + "Code": { + "Lines": [ + { + "Number": 1, + "Content": 
"-----BEGIN RSA PRIVATE KEY-----******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE KEY-----", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "-----BEGIN RSA PRIVATE 
KEY-----******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE KEY-----", + "FirstCause": true, + "LastCause": true + }, + { + "Number": 2, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": false, + "FirstCause": false, + "LastCause": false + } + ] + }, + "Match": "----BEGIN RSA PRIVATE 
KEY-----******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************-----END RSA PRIVATE", + "Layer": {} + } + ] + } +] \ No newline at end of file diff --git a/honeyscanner/passive_attacks/results/all_cves.txt b/honeyscanner/passive_attacks/results/all_cves.txt index e69de29..f2ace5f 100644 --- a/honeyscanner/passive_attacks/results/all_cves.txt +++ b/honeyscanner/passive_attacks/results/all_cves.txt 
@@ -0,0 +1,495 @@ +CVE-2013-7459 +CVE-2013-7459 +CVE-2018-19787 +PVE-2021-39195 +CVE-2020-27783 +CVE-2021-28957 +CVE-2021-43818 +CVE-2022-2309 +CVE-2020-28473 +CVE-2022-31799 +CVE-2020-28493 +CVE-2019-10906 +CVE-2018-18074 +CVE-2023-32681 +CVE-2020-11023 +CVE-2020-11022 +CVE-2020-27197 +CVE-2019-1010142 +CVE-2013-7459 +CVE-2013-7459 +CVE-2018-19787 +PVE-2021-39195 +CVE-2020-27783 +CVE-2021-28957 +CVE-2021-43818 +CVE-2022-2309 +CVE-2020-28473 +CVE-2022-31799 +CVE-2020-28493 +CVE-2019-10906 +CVE-2018-18074 +CVE-2023-32681 +CVE-2020-11023 +CVE-2020-11022 +CVE-2020-27197 +CVE-2019-1010142 +CVE-2013-7459 +CVE-2013-7459 +CVE-2021-30860 +CVE-2021-30663 +CVE-2021-22205 +CVE-2021-21220 +CVE-2020-9054 +CVE-2020-3452 +CVE-2020-3161 +CVE-2020-3580 +CVE-2021-37147 +CVE-2008-5305 +CVE-2008-2223 +CVE-2008-3477 +CVE-2008-3843 +CVE-2008-3174 +CVE-2007-3409 +CVE-2006-6870 +CVE-2008-1303 +CVE-2007-5893 +CVE-2006-6658 +CVE-2008-4114 +CVE-2006-3790 +CVE-2008-2309 +CVE-2008-3494 +CVE-2008-3571 +CVE-2006-5525 +CVE-2008-1284 +CVE-2008-0600 +CVE-2008-1738 +CVE-2008-1737 +CVE-2008-3464 +CVE-2008-2252 +CVE-2008-2374 +CVE-2008-1440 +CVE-2008-1625 +CVE-2008-3177 +CVE-2007-2442 +CVE-2008-5563 +CVE-2008-5285 +CVE-2008-3812 +CVE-2008-3680 +CVE-2008-3660 +CVE-2020-10987 +CVE-2020-10221 +CVE-1999-0067 +CVE-2001-1246 +CVE-2002-0061 +CVE-2003-0041 +CVE-2008-2575 +CVE-2002-1898 +CVE-2008-4304 +CVE-2008-4796 +CVE-2007-3572 +CVE-2012-1988 +CVE-2022-29519 +CVE-2022-30312 +CVE-2022-31204 +CVE-2002-1949 +CVE-2008-4122 +CVE-2008-3289 +CVE-2008-4390 +CVE-2007-5626 +CVE-2004-1852 +CVE-2008-0374 +CVE-2007-4961 +CVE-2007-4786 +CVE-2005-3140 +CVE-2022-30273 +CVE-2022-30320 +CVE-2008-3775 +CVE-2007-4150 +CVE-2007-5460 +CVE-2005-4860 +CVE-2002-2058 +CVE-2008-3188 +CVE-2005-2946 +CVE-2007-6013 +CVE-2022-21668 +CVE-2020-7218 +CVE-2020-3566 +CVE-2009-2874 +CVE-2009-1928 +CVE-2009-2858 +CVE-2009-2726 +CVE-2009-2540 +CVE-2009-2299 +CVE-2009-2054 +CVE-2008-5180 +CVE-2008-2121 +CVE-2008-2122 +CVE-2008-1700 +CVE-2007-4103 
+CVE-2006-1173 +CVE-2007-0897 +CVE-2020-10987 +CVE-2020-10221 +CVE-2020-9054 +CVE-1999-0067 +CVE-2001-1246 +CVE-2002-0061 +CVE-2003-0041 +CVE-2008-2575 +CVE-2002-1898 +CVE-2008-4304 +CVE-2008-4796 +CVE-2007-3572 +CVE-2012-1988 +CVE-2021-30860 +CVE-2021-30663 +CVE-2021-22205 +CVE-2021-21220 +CVE-2020-3452 +CVE-2020-3161 +CVE-2020-3580 +CVE-2021-37147 +CVE-2008-5305 +CVE-2008-2223 +CVE-2008-3477 +CVE-2008-3843 +CVE-2008-3174 +CVE-2007-3409 +CVE-2006-6870 +CVE-2008-1303 +CVE-2007-5893 +CVE-2006-6658 +CVE-2008-4114 +CVE-2006-3790 +CVE-2008-2309 +CVE-2008-3494 +CVE-2008-3571 +CVE-2006-5525 +CVE-2008-1284 +CVE-2008-0600 +CVE-2008-1738 +CVE-2008-1737 +CVE-2008-3464 +CVE-2008-2252 +CVE-2008-2374 +CVE-2008-1440 +CVE-2008-1625 +CVE-2008-3177 +CVE-2007-2442 +CVE-2008-5563 +CVE-2008-5285 +CVE-2008-3812 +CVE-2008-3680 +CVE-2008-3660 +CVE-2019-20916 +CVE-2022-31503 +CVE-2022-24877 +CVE-2021-21972 +CVE-2020-4053 +CVE-2019-10743 +CVE-2010-0467 +CVE-2009-4194 +CVE-2009-4053 +CVE-2009-0244 +CVE-2009-4013 +CVE-2009-4449 +CVE-2009-4581 +CVE-2010-0012 +CVE-2010-0013 +CVE-2008-5748 +CVE-2009-1936 +CVE-2004-0325 +CVE-2020-10987 +CVE-2020-10221 +CVE-2020-9054 +CVE-1999-0067 +CVE-2001-1246 +CVE-2002-0061 +CVE-2003-0041 +CVE-2008-2575 +CVE-2002-1898 +CVE-2008-4304 +CVE-2008-4796 +CVE-2007-3572 +CVE-2012-1988 +CVE-2021-30860 +CVE-2021-30663 +CVE-2021-22205 +CVE-2021-21220 +CVE-2020-3452 +CVE-2020-3161 +CVE-2020-3580 +CVE-2021-37147 +CVE-2008-5305 +CVE-2008-2223 +CVE-2008-3477 +CVE-2008-3843 +CVE-2008-3174 +CVE-2007-3409 +CVE-2006-6870 +CVE-2008-1303 +CVE-2007-5893 +CVE-2006-6658 +CVE-2008-4114 +CVE-2006-3790 +CVE-2008-2309 +CVE-2008-3494 +CVE-2008-3571 +CVE-2006-5525 +CVE-2008-1284 +CVE-2008-0600 +CVE-2008-1738 +CVE-2008-1737 +CVE-2008-3464 +CVE-2008-2252 +CVE-2008-2374 +CVE-2008-1440 +CVE-2008-1625 +CVE-2008-3177 +CVE-2007-2442 +CVE-2008-5563 +CVE-2008-5285 +CVE-2008-3812 +CVE-2008-3680 +CVE-2008-3660 +CVE-2019-20916 +CVE-2022-31503 +CVE-2022-24877 +CVE-2021-21972 +CVE-2020-4053 
+CVE-2019-10743 +CVE-2010-0467 +CVE-2009-4194 +CVE-2009-4053 +CVE-2009-0244 +CVE-2009-4013 +CVE-2009-4449 +CVE-2009-4581 +CVE-2010-0012 +CVE-2010-0013 +CVE-2008-5748 +CVE-2009-1936 +CVE-2004-0325 +CVE-2018-19787 +PVE-2021-39195 +CVE-2020-27783 +CVE-2021-28957 +CVE-2021-43818 +CVE-2022-2309 +CVE-2020-28473 +CVE-2022-31799 +CVE-2020-28493 +CVE-2019-10906 +CVE-2018-18074 +CVE-2023-32681 +CVE-2020-11023 +CVE-2020-11022 +CVE-2020-27197 +CVE-2019-1010142 +CVE-2013-7459 +CVE-2021-30860 +CVE-2021-30663 +CVE-2021-22205 +CVE-2021-21220 +CVE-2020-9054 +CVE-2020-3452 +CVE-2020-3161 +CVE-2020-3580 +CVE-2021-37147 +CVE-2008-5305 +CVE-2008-2223 +CVE-2008-3477 +CVE-2008-3843 +CVE-2008-3174 +CVE-2007-3409 +CVE-2006-6870 +CVE-2008-1303 +CVE-2007-5893 +CVE-2006-6658 +CVE-2008-4114 +CVE-2006-3790 +CVE-2008-2309 +CVE-2008-3494 +CVE-2008-3571 +CVE-2006-5525 +CVE-2008-1284 +CVE-2008-0600 +CVE-2008-1738 +CVE-2008-1737 +CVE-2008-3464 +CVE-2008-2252 +CVE-2008-2374 +CVE-2008-1440 +CVE-2008-1625 +CVE-2008-3177 +CVE-2007-2442 +CVE-2008-5563 +CVE-2008-5285 +CVE-2008-3812 +CVE-2008-3680 +CVE-2008-3660 +CVE-2020-10987 +CVE-2020-10221 +CVE-1999-0067 +CVE-2001-1246 +CVE-2002-0061 +CVE-2003-0041 +CVE-2008-2575 +CVE-2002-1898 +CVE-2008-4304 +CVE-2008-4796 +CVE-2007-3572 +CVE-2012-1988 +CVE-2022-29519 +CVE-2022-30312 +CVE-2022-31204 +CVE-2002-1949 +CVE-2008-4122 +CVE-2008-3289 +CVE-2008-4390 +CVE-2007-5626 +CVE-2004-1852 +CVE-2008-0374 +CVE-2007-4961 +CVE-2007-4786 +CVE-2005-3140 +CVE-2022-30273 +CVE-2022-30320 +CVE-2008-3775 +CVE-2007-4150 +CVE-2007-5460 +CVE-2005-4860 +CVE-2002-2058 +CVE-2008-3188 +CVE-2005-2946 +CVE-2007-6013 +CVE-2019-20916 +CVE-2022-31503 +CVE-2022-24877 +CVE-2021-21972 +CVE-2020-4053 +CVE-2019-10743 +CVE-2010-0467 +CVE-2009-4194 +CVE-2009-4053 +CVE-2009-0244 +CVE-2009-4013 +CVE-2009-4449 +CVE-2009-4581 +CVE-2010-0012 +CVE-2010-0013 +CVE-2008-5748 +CVE-2009-1936 +CVE-2004-0325 +CVE-2018-19787 +PVE-2021-39195 +CVE-2020-27783 +CVE-2021-28957 +CVE-2021-43818 +CVE-2022-2309 
+CVE-2020-28473 +CVE-2022-31799 +CVE-2020-28493 +CVE-2019-10906 +CVE-2018-18074 +CVE-2023-32681 +CVE-2020-11023 +CVE-2020-11022 +CVE-2020-27197 +CVE-2019-1010142 +CVE-2013-7459 +CVE-2021-30860 +CVE-2021-30663 +CVE-2021-22205 +CVE-2021-21220 +CVE-2020-9054 +CVE-2020-3452 +CVE-2020-3161 +CVE-2020-3580 +CVE-2021-37147 +CVE-2008-5305 +CVE-2008-2223 +CVE-2008-3477 +CVE-2008-3843 +CVE-2008-3174 +CVE-2007-3409 +CVE-2006-6870 +CVE-2008-1303 +CVE-2007-5893 +CVE-2006-6658 +CVE-2008-4114 +CVE-2006-3790 +CVE-2008-2309 +CVE-2008-3494 +CVE-2008-3571 +CVE-2006-5525 +CVE-2008-1284 +CVE-2008-0600 +CVE-2008-1738 +CVE-2008-1737 +CVE-2008-3464 +CVE-2008-2252 +CVE-2008-2374 +CVE-2008-1440 +CVE-2008-1625 +CVE-2008-3177 +CVE-2007-2442 +CVE-2008-5563 +CVE-2008-5285 +CVE-2008-3812 +CVE-2008-3680 +CVE-2008-3660 +CVE-2020-10987 +CVE-2020-10221 +CVE-1999-0067 +CVE-2001-1246 +CVE-2002-0061 +CVE-2003-0041 +CVE-2008-2575 +CVE-2002-1898 +CVE-2008-4304 +CVE-2008-4796 +CVE-2007-3572 +CVE-2012-1988 +CVE-2022-29519 +CVE-2022-30312 +CVE-2022-31204 +CVE-2002-1949 +CVE-2008-4122 +CVE-2008-3289 +CVE-2008-4390 +CVE-2007-5626 +CVE-2004-1852 +CVE-2008-0374 +CVE-2007-4961 +CVE-2007-4786 +CVE-2005-3140 +CVE-2022-30273 +CVE-2022-30320 +CVE-2008-3775 +CVE-2007-4150 +CVE-2007-5460 +CVE-2005-4860 +CVE-2002-2058 +CVE-2008-3188 +CVE-2005-2946 +CVE-2007-6013 +CVE-2019-20916 +CVE-2022-31503 +CVE-2022-24877 +CVE-2021-21972 +CVE-2020-4053 +CVE-2019-10743 +CVE-2010-0467 +CVE-2009-4194 +CVE-2009-4053 +CVE-2009-0244 +CVE-2009-4013 +CVE-2009-4449 +CVE-2009-4581 +CVE-2010-0012 +CVE-2010-0013 +CVE-2008-5748 +CVE-2009-1936 +CVE-2004-0325 diff --git a/honeyscanner/passive_attacks/static_analyzer/analysis_results/conpot_0.2.1_analysis.json b/honeyscanner/passive_attacks/static_analyzer/analysis_results/conpot_0.2.1_analysis.json new file mode 100644 index 0000000..61fb786 --- /dev/null +++ b/honeyscanner/passive_attacks/static_analyzer/analysis_results/conpot_0.2.1_analysis.json 
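Review bot: The list added to all_cves.txt repeats the same identifiers many times, so its 495 lines overstate the number of distinct findings. `CVE-2013-7459` fills the first two lines, and the run from `CVE-2018-19787` to `CVE-2019-1010142` recurs several times. The code that writes this file is outside the hunk, but it should presumably de-duplicate before writing, for example `sorted(set(cve_ids))`, where `cve_ids` is a placeholder name. `PVE-2021-39195` is not a CVE identifier (it looks like a PyUp/Safety advisory id), so either filter it out or give the file a name that does not promise CVEs only. Because this is the output of a scan run, consider regenerating it per scan rather than keeping it under version control.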
@@ -0,0 +1,190 @@ +{ + "0.2.1": { + "summary": { + "high_severity": 2, + "medium_severity": 7 + }, + "results": [ + { + "code": "22 secret = config.get('hpfriends', 'secret')\n23 channels = eval(config.get('hpfriends', 'channels'))\n24 try:\n", + "col_offset": 23, + "end_col_offset": 64, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-0.2.1/conpot/logging/log_worker.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Use of possibly insecure function - consider using safer ast.literal_eval.", + "line_number": 23, + "line_range": [ + 23 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b307-eval", + "test_id": "B307", + "test_name": "blacklist" + }, + { + "code": "36 #parse slave configuration\n37 dom = etree.parse(template)\n38 slaves = dom.xpath('//conpot_template/slaves/*')\n", + "col_offset": 14, + "end_col_offset": 35, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-0.2.1/conpot/modbus/modbus_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 37, + "line_range": [ + 37 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "45 name = b.attrib['name']\n46 type = eval('mdef.' 
+ b.xpath('./type/text()')[0])\n47 start_addr = int(b.xpath('./starting_address/text()')[0])\n", + "col_offset": 23, + "end_col_offset": 66, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-0.2.1/conpot/modbus/modbus_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Use of possibly insecure function - consider using safer ast.literal_eval.", + "line_number": 46, + "line_range": [ + 46 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b307-eval", + "test_id": "B307", + "test_name": "blacklist" + }, + { + "code": "53 addr = int(v.xpath('./address/text()')[0])\n54 value = eval(v.xpath('./content/text()')[0])\n55 slave.set_values(name, addr, value)\n", + "col_offset": 28, + "end_col_offset": 64, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-0.2.1/conpot/modbus/modbus_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Use of possibly insecure function - consider using safer ast.literal_eval.", + "line_number": 54, + "line_range": [ + 54 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b307-eval", + "test_id": "B307", + "test_name": "blacklist" + }, + { + "code": "29 self.port = port\n30 dom = etree.parse(template)\n31 mibs = dom.xpath('//conpot_template/snmp/mibs/*')\n", + "col_offset": 14, + "end_col_offset": 35, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-0.2.1/conpot/snmp/snmp_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": 
"https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 30, + "line_range": [ + 30 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "39 self.log_queue = Queue()\n40 dom = etree.parse('conpot/templates/default.xml')\n41 mibs = dom.xpath('//conpot_template/snmp/mibs/*')\n", + "col_offset": 14, + "end_col_offset": 57, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-0.2.1/conpot/tests/test_snmp_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 40, + "line_range": [ + 40 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "76 tar = tarfile.open(tarball)\n77 _extractall(tar)\n78 tar.close()\n", + "col_offset": 8, + "end_col_offset": 24, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-0.2.1/distribute_setup.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 22, + "link": "https://cwe.mitre.org/data/definitions/22.html" + }, + "issue_severity": "HIGH", + "issue_text": "tarfile.extractall used without any validation. 
Please check and discard dangerous members.", + "line_number": 77, + "line_range": [ + 77 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b202_tarfile_unsafe_members.html", + "test_id": "B202", + "test_name": "tarfile_unsafe_members" + }, + { + "code": "104 tar = tarfile.open(tarball)\n105 _extractall(tar)\n106 tar.close()\n", + "col_offset": 8, + "end_col_offset": 24, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-0.2.1/distribute_setup.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 22, + "link": "https://cwe.mitre.org/data/definitions/22.html" + }, + "issue_severity": "HIGH", + "issue_text": "tarfile.extractall used without any validation. Please check and discard dangerous members.", + "line_number": 105, + "line_range": [ + 105 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b202_tarfile_unsafe_members.html", + "test_id": "B202", + "test_name": "tarfile_unsafe_members" + }, + { + "code": "200 log.warn(\"Downloading %s\", url)\n201 src = urlopen(url)\n202 # Read/write all in one block, so we don't create a corrupt file\n", + "col_offset": 18, + "end_col_offset": 30, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-0.2.1/distribute_setup.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 22, + "link": "https://cwe.mitre.org/data/definitions/22.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.", + "line_number": 201, + "line_range": [ + 201 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b310-urllib-urlopen", + "test_id": "B310", + "test_name": "blacklist" + } + ] + } +} \ No newline at end of file 
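Review bot: Every `filename` value in this result file is an absolute path under the author's home directory (`/Users/<user>/Desktop/.../static_analyzer/conpot-0.2.1/...`), which publishes a local username and directory layout and ties the report to one machine. The same applies to the conpot_0.2 and conpot_Release_0.5.2 result files that follow. Recording paths relative to the analysed source tree, e.g. `conpot/modbus/modbus_server.py`, keeps the findings usable without that disclosure. The code that produces this JSON is not in the hunk, so where to strip the prefix is for the author to confirm.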
diff --git a/honeyscanner/passive_attacks/static_analyzer/analysis_results/conpot_0.2_analysis.json b/honeyscanner/passive_attacks/static_analyzer/analysis_results/conpot_0.2_analysis.json new file mode 100644 index 0000000..50e8564 --- /dev/null +++ b/honeyscanner/passive_attacks/static_analyzer/analysis_results/conpot_0.2_analysis.json 
@@ -0,0 +1,190 @@ +{ + "0.2": { + "summary": { + "high_severity": 2, + "medium_severity": 7 + }, + "results": [ + { + "code": "22 secret = config.get('hpfriends', 'secret')\n23 channels = eval(config.get('hpfriends', 'channels'))\n24 try:\n", + "col_offset": 23, + "end_col_offset": 64, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-0.2/conpot/logging/log_worker.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Use of possibly insecure function - consider using safer ast.literal_eval.", + "line_number": 23, + "line_range": [ + 23 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b307-eval", + "test_id": "B307", + "test_name": "blacklist" + }, + { + "code": "36 #parse slave configuration\n37 dom = etree.parse(template)\n38 slaves = dom.xpath('//conpot_template/slaves/*')\n", + "col_offset": 14, + "end_col_offset": 35, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-0.2/conpot/modbus/modbus_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 37, + "line_range": [ + 37 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "45 name = b.attrib['name']\n46 type = eval('mdef.' 
+ b.xpath('./type/text()')[0])\n47 start_addr = int(b.xpath('./starting_address/text()')[0])\n", + "col_offset": 23, + "end_col_offset": 66, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-0.2/conpot/modbus/modbus_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Use of possibly insecure function - consider using safer ast.literal_eval.", + "line_number": 46, + "line_range": [ + 46 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b307-eval", + "test_id": "B307", + "test_name": "blacklist" + }, + { + "code": "53 addr = int(v.xpath('./address/text()')[0])\n54 value = eval(v.xpath('./content/text()')[0])\n55 slave.set_values(name, addr, value)\n", + "col_offset": 28, + "end_col_offset": 64, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-0.2/conpot/modbus/modbus_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Use of possibly insecure function - consider using safer ast.literal_eval.", + "line_number": 54, + "line_range": [ + 54 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b307-eval", + "test_id": "B307", + "test_name": "blacklist" + }, + { + "code": "29 self.port = port\n30 dom = etree.parse(template)\n31 mibs = dom.xpath('//conpot_template/snmp/mibs/*')\n", + "col_offset": 14, + "end_col_offset": 35, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-0.2/conpot/snmp/snmp_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": 
"https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 30, + "line_range": [ + 30 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "39 self.log_queue = Queue()\n40 dom = etree.parse('conpot/templates/default.xml')\n41 mibs = dom.xpath('//conpot_template/snmp/mibs/*')\n", + "col_offset": 14, + "end_col_offset": 57, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-0.2/conpot/tests/test_snmp_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 40, + "line_range": [ + 40 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "76 tar = tarfile.open(tarball)\n77 _extractall(tar)\n78 tar.close()\n", + "col_offset": 8, + "end_col_offset": 24, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-0.2/distribute_setup.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 22, + "link": "https://cwe.mitre.org/data/definitions/22.html" + }, + "issue_severity": "HIGH", + "issue_text": "tarfile.extractall used without any validation. 
Please check and discard dangerous members.", + "line_number": 77, + "line_range": [ + 77 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b202_tarfile_unsafe_members.html", + "test_id": "B202", + "test_name": "tarfile_unsafe_members" + }, + { + "code": "104 tar = tarfile.open(tarball)\n105 _extractall(tar)\n106 tar.close()\n", + "col_offset": 8, + "end_col_offset": 24, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-0.2/distribute_setup.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 22, + "link": "https://cwe.mitre.org/data/definitions/22.html" + }, + "issue_severity": "HIGH", + "issue_text": "tarfile.extractall used without any validation. Please check and discard dangerous members.", + "line_number": 105, + "line_range": [ + 105 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b202_tarfile_unsafe_members.html", + "test_id": "B202", + "test_name": "tarfile_unsafe_members" + }, + { + "code": "200 log.warn(\"Downloading %s\", url)\n201 src = urlopen(url)\n202 # Read/write all in one block, so we don't create a corrupt file\n", + "col_offset": 18, + "end_col_offset": 30, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-0.2/distribute_setup.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 22, + "link": "https://cwe.mitre.org/data/definitions/22.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.", + "line_number": 201, + "line_range": [ + 201 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b310-urllib-urlopen", + "test_id": "B310", + "test_name": "blacklist" + } + ] + } +} \ No newline at end of file 
diff --git a/honeyscanner/passive_attacks/static_analyzer/analysis_results/conpot_Release_0.5.2_analysis.json b/honeyscanner/passive_attacks/static_analyzer/analysis_results/conpot_Release_0.5.2_analysis.json new file mode 100644 index 0000000..aecd714 --- /dev/null +++ b/honeyscanner/passive_attacks/static_analyzer/analysis_results/conpot_Release_0.5.2_analysis.json 
@@ -0,0 +1,610 @@ +{ + "Release_0.5.2": { + "summary": { + "high_severity": 7, + "medium_severity": 23 + }, + "results": [ + { + "code": "78 logger.debug('Initializing databus using %s.', config_file)\n79 dom = etree.parse(config_file)\n80 entries = dom.xpath('//core/databus/key_value_mappings/*')\n", + "col_offset": 14, + "end_col_offset": 38, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/core/databus.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 79, + "line_range": [ + 79 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "87 if value_type == 'value':\n88 self.set_value(key, eval(value))\n89 elif value_type == 'function':\n", + "col_offset": 36, + "end_col_offset": 47, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/core/databus.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Use of possibly insecure function - consider using safer ast.literal_eval.", + "line_number": 88, + "line_range": [ + 88 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b307-eval", + "test_id": "B307", + "test_name": "blacklist" + }, + { + "code": "95 # eval param to list\n96 params = eval(params[0])\n97 self.set_value(key, _class(*(tuple(params))))\n", + "col_offset": 29, + 
"end_col_offset": 44, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/core/databus.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Use of possibly insecure function - consider using safer ast.literal_eval.", + "line_number": 96, + "line_range": [ + 96 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b307-eval", + "test_id": "B307", + "test_name": "blacklist" + }, + { + "code": "76 secret = config.get('hpfriends', 'secret')\n77 channels = eval(config.get('hpfriends', 'channels'))\n78 try:\n", + "col_offset": 23, + "end_col_offset": 64, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/core/loggers/log_worker.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Use of possibly insecure function - consider using safer ast.literal_eval.", + "line_number": 77, + "line_range": [ + 77 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b307-eval", + "test_id": "B307", + "test_name": "blacklist" + }, + { + "code": "30 self.registers = {}\n31 dom = etree.parse(template)\n32 categories = dom.xpath('//IEC104/categories/*')\n", + "col_offset": 14, + "end_col_offset": 35, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/IEC104/DeviceDataController.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using 
lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 31, + "line_range": [ + 31 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "38 def __init__(self, template, template_directory, args):\n39 self.dom = etree.parse(template)\n40 databus = conpot_core.get_databus()\n", + "col_offset": 19, + "end_col_offset": 40, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/bacnet/bacnet_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 39, + "line_range": [ + 39 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "56 def parse_template(self):\n57 dom = etree.parse(self.template)\n58 self.server_addr = dom.xpath('//enip/@host')[0]\n", + "col_offset": 14, + "end_col_offset": 40, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/enip/enip_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. 
Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 57, + "line_range": [ + 57 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "19 \n20 from pyghmi.ipmi.bmc import Bmc\n21 \n", + "col_offset": 0, + "end_col_offset": 31, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/ipmi/fakebmc.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 319, + "link": "https://cwe.mitre.org/data/definitions/319.html" + }, + "issue_severity": "HIGH", + "issue_text": "An IPMI-related module is being imported. IPMI is considered insecure. Use an encrypted protocol.", + "line_number": 20, + "line_range": [ + 20 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_imports.html#b415-import-pyghmi", + "test_id": "B415", + "test_name": "blacklist" + }, + { + "code": "23 \n24 import pyghmi.exceptions as exc\n25 import pyghmi.ipmi.private.constants as constants\n", + "col_offset": 0, + "end_col_offset": 31, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/ipmi/fakesession.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 319, + "link": "https://cwe.mitre.org/data/definitions/319.html" + }, + "issue_severity": "HIGH", + "issue_text": "An IPMI-related module is being imported. IPMI is considered insecure. 
Use an encrypted protocol.", + "line_number": 24, + "line_range": [ + 24 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_imports.html#b415-import-pyghmi", + "test_id": "B415", + "test_name": "blacklist" + }, + { + "code": "24 import pyghmi.exceptions as exc\n25 import pyghmi.ipmi.private.constants as constants\n26 from pyghmi.ipmi.private.session import Session\n", + "col_offset": 0, + "end_col_offset": 49, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/ipmi/fakesession.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 319, + "link": "https://cwe.mitre.org/data/definitions/319.html" + }, + "issue_severity": "HIGH", + "issue_text": "An IPMI-related module is being imported. IPMI is considered insecure. Use an encrypted protocol.", + "line_number": 25, + "line_range": [ + 25 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_imports.html#b415-import-pyghmi", + "test_id": "B415", + "test_name": "blacklist" + }, + { + "code": "25 import pyghmi.ipmi.private.constants as constants\n26 from pyghmi.ipmi.private.session import Session\n27 \n", + "col_offset": 0, + "end_col_offset": 47, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/ipmi/fakesession.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 319, + "link": "https://cwe.mitre.org/data/definitions/319.html" + }, + "issue_severity": "HIGH", + "issue_text": "An IPMI-related module is being imported. IPMI is considered insecure. 
Use an encrypted protocol.", + "line_number": 26, + "line_range": [ + 26 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_imports.html#b415-import-pyghmi", + "test_id": "B415", + "test_name": "blacklist" + }, + { + "code": "30 import hashlib\n31 from Crypto.Cipher import AES\n32 \n", + "col_offset": 0, + "end_col_offset": 29, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/ipmi/fakesession.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 327, + "link": "https://cwe.mitre.org/data/definitions/327.html" + }, + "issue_severity": "HIGH", + "issue_text": "The pyCrypto library and its module AES are no longer actively maintained and have been deprecated. Consider using pyca/cryptography library.", + "line_number": 31, + "line_range": [ + 31 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_imports.html#b413-import-pycrypto", + "test_id": "B413", + "test_name": "blacklist" + }, + { + "code": "25 \n26 import pyghmi.ipmi.private.constants as constants\n27 import pyghmi.ipmi.private.serversession as serversession\n", + "col_offset": 0, + "end_col_offset": 49, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/ipmi/ipmi_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 319, + "link": "https://cwe.mitre.org/data/definitions/319.html" + }, + "issue_severity": "HIGH", + "issue_text": "An IPMI-related module is being imported. IPMI is considered insecure. 
Use an encrypted protocol.", + "line_number": 26, + "line_range": [ + 26 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_imports.html#b415-import-pyghmi", + "test_id": "B415", + "test_name": "blacklist" + }, + { + "code": "26 import pyghmi.ipmi.private.constants as constants\n27 import pyghmi.ipmi.private.serversession as serversession\n28 \n", + "col_offset": 0, + "end_col_offset": 57, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/ipmi/ipmi_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 319, + "link": "https://cwe.mitre.org/data/definitions/319.html" + }, + "issue_severity": "HIGH", + "issue_text": "An IPMI-related module is being imported. IPMI is considered insecure. Use an encrypted protocol.", + "line_number": 27, + "line_range": [ + 27 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_imports.html#b415-import-pyghmi", + "test_id": "B415", + "test_name": "blacklist" + }, + { + "code": "46 def __init__(self, template, template_directory, args):\n47 dom = etree.parse(template)\n48 databus = conpot_core.get_databus()\n", + "col_offset": 14, + "end_col_offset": 35, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/ipmi/ipmi_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. 
Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 47, + "line_range": [ + 47 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "344 \n345 if databus.get_value(\"kap_b_server_ip\") == \"0.0.0.0\":\n346 return self.CMD_OUTPUT_SINGLE.format(cmd_ok,\n", + "col_offset": 51, + "end_col_offset": 60, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/kamstrup/management_protocol/commands.py", + "issue_confidence": "MEDIUM", + "issue_cwe": { + "id": 605, + "link": "https://cwe.mitre.org/data/definitions/605.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Possible binding to all interfaces.", + "line_number": 345, + "line_range": [ + 345 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b104_hardcoded_bind_all_interfaces.html", + "test_id": "B104", + "test_name": "hardcoded_bind_all_interfaces" + }, + { + "code": "494 ip_addr = parse_ip(params)\n495 if ip_addr == \"0.0.0.0\":\n496 if databus.get_value(\"use_dhcp\") == \"NO\":\n", + "col_offset": 26, + "end_col_offset": 35, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/kamstrup/management_protocol/commands.py", + "issue_confidence": "MEDIUM", + "issue_cwe": { + "id": 605, + "link": "https://cwe.mitre.org/data/definitions/605.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Possible binding to all interfaces.", + "line_number": 495, + "line_range": [ + 495 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b104_hardcoded_bind_all_interfaces.html", + "test_id": "B104", + "test_name": "hardcoded_bind_all_interfaces" + }, + { + "code": "759 def parse_ip(ip_string):\n760 default 
= \"0.0.0.0\"\n761 if \".\" in ip_string:\n", + "col_offset": 14, + "end_col_offset": 23, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/kamstrup/management_protocol/commands.py", + "issue_confidence": "MEDIUM", + "issue_cwe": { + "id": 605, + "link": "https://cwe.mitre.org/data/definitions/605.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Possible binding to all interfaces.", + "line_number": 760, + "line_range": [ + 760 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b104_hardcoded_bind_all_interfaces.html", + "test_id": "B104", + "test_name": "hardcoded_bind_all_interfaces" + }, + { + "code": "33 \n34 dom = etree.parse(template)\n35 registers = dom.xpath('//kamstrup_meter/registers/*')\n", + "col_offset": 14, + "end_col_offset": 35, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/kamstrup/meter_protocol/command_responder.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. 
Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 34, + "line_range": [ + 34 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "48 def _get_mode_and_delay(self, template):\n49 dom = etree.parse(template)\n50 self.mode = dom.xpath('//modbus/mode/text()')[0].lower()\n", + "col_offset": 14, + "end_col_offset": 35, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/modbus/modbus_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 49, + "line_range": [ + 49 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "62 def _configure_slaves(self, template):\n63 dom = etree.parse(template)\n64 slaves = dom.xpath('//modbus/slaves/*')\n", + "col_offset": 14, + "end_col_offset": 35, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/modbus/modbus_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. 
Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 63, + "line_range": [ + 63 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "71 name = b.attrib['name']\n72 request_type = eval('mdef.' + b.xpath('./type/text()')[0])\n73 start_addr = int(b.xpath('./starting_address/text()')[0])\n", + "col_offset": 35, + "end_col_offset": 78, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/modbus/modbus_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Use of possibly insecure function - consider using safer ast.literal_eval.", + "line_number": 72, + "line_range": [ + 72 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b307-eval", + "test_id": "B307", + "test_name": "blacklist" + }, + { + "code": "23 Databank.__init__(self)\n24 self.dom = etree.parse(template)\n25 \n", + "col_offset": 19, + "end_col_offset": 40, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/modbus/slave_db.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. 
Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 24, + "line_range": [ + 24 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "44 \n45 dom = etree.parse(template)\n46 \n", + "col_offset": 14, + "end_col_offset": 35, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/s7comm/s7_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 45, + "line_range": [ + 45 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "40 \n41 self.dom = etree.parse(template)\n42 self.cmd_responder = None\n", + "col_offset": 19, + "end_col_offset": 40, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/protocols/snmp/snmp_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. 
Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 41, + "line_range": [ + 41 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "58 self.bacnet_server = bacnet_server.BacnetServer('conpot/templates/default/bacnet/bacnet.xml', 'none', args)\n59 self.server_greenlet = gevent.spawn(self.bacnet_server.start, '0.0.0.0', 0)\n60 gevent.sleep(1)\n", + "col_offset": 70, + "end_col_offset": 79, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/tests/test_bacnet_server.py", + "issue_confidence": "MEDIUM", + "issue_cwe": { + "id": 605, + "link": "https://cwe.mitre.org/data/definitions/605.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Possible binding to all interfaces.", + "line_number": 59, + "line_range": [ + 59 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b104_hardcoded_bind_all_interfaces.html", + "test_id": "B104", + "test_name": "hardcoded_bind_all_interfaces" + }, + { + "code": "38 sensorid = 'default'\n39 public_ip = '0.0.0.0'\n40 dst_port = 502\n", + "col_offset": 20, + "end_col_offset": 29, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/tests/test_logger_json.py", + "issue_confidence": "MEDIUM", + "issue_cwe": { + "id": 605, + "link": "https://cwe.mitre.org/data/definitions/605.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Possible binding to all interfaces.", + "line_number": 39, + "line_range": [ + 39 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b104_hardcoded_bind_all_interfaces.html", + "test_id": "B104", + "test_name": "hardcoded_bind_all_interfaces" + }, + { + "code": "50 1: {'request': 'give me apples', 
'response': 'no way'}}}\n51 dom = etree.parse('conpot/templates/default/template.xml')\n52 stixTransformer = StixTransformer(config, dom)\n", + "col_offset": 14, + "end_col_offset": 66, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/tests/test_taxii.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 51, + "line_range": [ + 51 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "84 1: {'request': 'give me apples', 'response': 'no way'}}}\n85 dom = etree.parse('conpot/templates/default/template.xml')\n86 taxiiLogger = TaxiiLogger(config, dom)\n", + "col_offset": 14, + "end_col_offset": 66, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/conpot/tests/test_taxii.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. 
Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 85, + "line_range": [ + 85 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "241 \"\"\"\n242 src = urlopen(url)\n243 try:\n", + "col_offset": 10, + "end_col_offset": 22, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.5.2/ez_setup.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 22, + "link": "https://cwe.mitre.org/data/definitions/22.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.", + "line_number": 242, + "line_range": [ + 242 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b310-urllib-urlopen", + "test_id": "B310", + "test_name": "blacklist" + } + ] + } +} \ No newline at end of file diff --git a/honeyscanner/passive_attacks/static_analyzer/analysis_results/conpot_Release_0.6.0_analysis.json b/honeyscanner/passive_attacks/static_analyzer/analysis_results/conpot_Release_0.6.0_analysis.json new file mode 100644 index 0000000..71fab54 --- /dev/null +++ b/honeyscanner/passive_attacks/static_analyzer/analysis_results/conpot_Release_0.6.0_analysis.json 
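Review bot: Every `filename` value in this report is an absolute path under the author's home directory (`/Users/<user>/Desktop/.../static_analyzer/conpot-Release_0.5.2/...`), so the commit publishes a local username and directory layout, and the findings cannot be matched to files on another machine. The path should be made relative to the analyzed source root before the report is saved, for example `"filename": "conpot-Release_0.5.2/conpot/core/databus.py"`. The same applies to the conpot-0.2 report whose hunk ends just above this one and to the `conpot_Release_0.6.0_analysis.json` hunk that follows. These files look like scanner output that is regenerated per run, so it may also be worth keeping them out of version control, though that depends on whether the report step reads them back.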
@@ -0,0 +1,978 @@ +{ + "Release_0.6.0": { + "summary": { + "high_severity": 10, + "medium_severity": 38 + }, + "results": [ + { + "code": "157 \n158 parsed_xml = xml.dom.minidom.parseString(config_xml)\n159 pretty_xml = parsed_xml.toprettyxml()\n", + "col_offset": 17, + "end_col_offset": 56, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/bin/kamstrup_prober.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using xml.dom.minidom.parseString to parse untrusted XML data is known to be vulnerable to XML attacks. Replace xml.dom.minidom.parseString with its defusedxml equivalent function or make sure defusedxml.defuse_stdlib() is called", + "line_number": 158, + "line_range": [ + 158 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-minidom", + "test_id": "B318", + "test_name": "blacklist" + }, + { + "code": "78 logger.debug('Initializing databus using %s.', config_file)\n79 dom = etree.parse(config_file)\n80 entries = dom.xpath('//core/databus/key_value_mappings/*')\n", + "col_offset": 14, + "end_col_offset": 38, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/core/databus.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. 
Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 79, + "line_range": [ + 79 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "87 if value_type == 'value':\n88 self.set_value(key, eval(value))\n89 elif value_type == 'function':\n", + "col_offset": 36, + "end_col_offset": 47, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/core/databus.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Use of possibly insecure function - consider using safer ast.literal_eval.", + "line_number": 88, + "line_range": [ + 88 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b307-eval", + "test_id": "B307", + "test_name": "blacklist" + }, + { + "code": "95 # eval param to list\n96 params = eval(params[0])\n97 self.set_value(key, _class(*(tuple(params))))\n", + "col_offset": 29, + "end_col_offset": 44, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/core/databus.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Use of possibly insecure function - consider using safer ast.literal_eval.", + "line_number": 96, + "line_range": [ + 96 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b307-eval", + "test_id": "B307", + "test_name": "blacklist" + }, + { + "code": "76 secret = config.get('hpfriends', 'secret')\n77 channels = eval(config.get('hpfriends', 'channels'))\n78 try:\n", + 
"col_offset": 23, + "end_col_offset": 64, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/core/loggers/log_worker.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Use of possibly insecure function - consider using safer ast.literal_eval.", + "line_number": 77, + "line_range": [ + 77 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b307-eval", + "test_id": "B307", + "test_name": "blacklist" + }, + { + "code": "30 self.registers = {}\n31 dom = etree.parse(template)\n32 categories = dom.xpath('//IEC104/categories/*')\n", + "col_offset": 14, + "end_col_offset": 35, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/IEC104/DeviceDataController.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. 
Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 31, + "line_range": [ + 31 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "40 def __init__(self, template, template_directory, args):\n41 self.dom = etree.parse(template)\n42 device_info_root = self.dom.xpath('//bacnet/device_info')[0]\n", + "col_offset": 19, + "end_col_offset": 40, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/bacnet/bacnet_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 41, + "line_range": [ + 41 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "55 def parse_template(self):\n56 dom = etree.parse(self.template)\n57 self.server_addr = dom.xpath('//enip/@host')[0]\n", + "col_offset": 14, + "end_col_offset": 40, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/enip/enip_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. 
Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 56, + "line_range": [ + 56 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "36 self.grp_db = dict() # grp_db[gid] = {group: 'group_name'. users: set(users_uid))\n37 dom = etree.parse(template)\n38 # First let us get FTP related data\n", + "col_offset": 14, + "end_col_offset": 35, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/ftp/ftp_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 37, + "line_range": [ + 37 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "971 try:\n972 result = eval(key)\n973 except Exception as e:\n", + "col_offset": 33, + "end_col_offset": 42, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/http/command_responder.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Use of possibly insecure function - consider using safer ast.literal_eval.", + "line_number": 972, + "line_range": [ + 972 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b307-eval", + "test_id": "B307", + "test_name": "blacklist" 
+ }, + { + "code": "1000 # for the first time in order to reduce further handling..\n1001 self.configuration = etree.parse(template)\n1002 \n", + "col_offset": 29, + "end_col_offset": 50, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/http/command_responder.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 1001, + "line_range": [ + 1001 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "19 \n20 from pyghmi.ipmi.bmc import Bmc\n21 \n", + "col_offset": 0, + "end_col_offset": 31, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/ipmi/fakebmc.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 319, + "link": "https://cwe.mitre.org/data/definitions/319.html" + }, + "issue_severity": "HIGH", + "issue_text": "An IPMI-related module is being imported. IPMI is considered insecure. 
Use an encrypted protocol.", + "line_number": 20, + "line_range": [ + 20 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_imports.html#b415-import-pyghmi", + "test_id": "B415", + "test_name": "blacklist" + }, + { + "code": "23 \n24 import pyghmi.exceptions as exc\n25 import pyghmi.ipmi.private.constants as constants\n", + "col_offset": 0, + "end_col_offset": 31, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/ipmi/fakesession.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 319, + "link": "https://cwe.mitre.org/data/definitions/319.html" + }, + "issue_severity": "HIGH", + "issue_text": "An IPMI-related module is being imported. IPMI is considered insecure. Use an encrypted protocol.", + "line_number": 24, + "line_range": [ + 24 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_imports.html#b415-import-pyghmi", + "test_id": "B415", + "test_name": "blacklist" + }, + { + "code": "24 import pyghmi.exceptions as exc\n25 import pyghmi.ipmi.private.constants as constants\n26 from pyghmi.ipmi.private.session import Session\n", + "col_offset": 0, + "end_col_offset": 49, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/ipmi/fakesession.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 319, + "link": "https://cwe.mitre.org/data/definitions/319.html" + }, + "issue_severity": "HIGH", + "issue_text": "An IPMI-related module is being imported. IPMI is considered insecure. 
Use an encrypted protocol.", + "line_number": 25, + "line_range": [ + 25 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_imports.html#b415-import-pyghmi", + "test_id": "B415", + "test_name": "blacklist" + }, + { + "code": "25 import pyghmi.ipmi.private.constants as constants\n26 from pyghmi.ipmi.private.session import Session\n27 \n", + "col_offset": 0, + "end_col_offset": 47, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/ipmi/fakesession.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 319, + "link": "https://cwe.mitre.org/data/definitions/319.html" + }, + "issue_severity": "HIGH", + "issue_text": "An IPMI-related module is being imported. IPMI is considered insecure. Use an encrypted protocol.", + "line_number": 26, + "line_range": [ + 26 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_imports.html#b415-import-pyghmi", + "test_id": "B415", + "test_name": "blacklist" + }, + { + "code": "30 import hashlib\n31 from Crypto.Cipher import AES\n32 \n", + "col_offset": 0, + "end_col_offset": 29, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/ipmi/fakesession.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 327, + "link": "https://cwe.mitre.org/data/definitions/327.html" + }, + "issue_severity": "HIGH", + "issue_text": "The pyCrypto library and its module AES are no longer actively maintained and have been deprecated. 
Consider using pyca/cryptography library.", + "line_number": 31, + "line_range": [ + 31 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_imports.html#b413-import-pycrypto", + "test_id": "B413", + "test_name": "blacklist" + }, + { + "code": "20 import struct\n21 import pyghmi.ipmi.private.constants as constants\n22 import pyghmi.ipmi.private.serversession as serversession\n", + "col_offset": 0, + "end_col_offset": 49, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/ipmi/ipmi_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 319, + "link": "https://cwe.mitre.org/data/definitions/319.html" + }, + "issue_severity": "HIGH", + "issue_text": "An IPMI-related module is being imported. IPMI is considered insecure. Use an encrypted protocol.", + "line_number": 21, + "line_range": [ + 21 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_imports.html#b415-import-pyghmi", + "test_id": "B415", + "test_name": "blacklist" + }, + { + "code": "21 import pyghmi.ipmi.private.constants as constants\n22 import pyghmi.ipmi.private.serversession as serversession\n23 import uuid\n", + "col_offset": 0, + "end_col_offset": 57, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/ipmi/ipmi_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 319, + "link": "https://cwe.mitre.org/data/definitions/319.html" + }, + "issue_severity": "HIGH", + "issue_text": "An IPMI-related module is being imported. IPMI is considered insecure. 
Use an encrypted protocol.", + "line_number": 22, + "line_range": [ + 22 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_imports.html#b415-import-pyghmi", + "test_id": "B415", + "test_name": "blacklist" + }, + { + "code": "43 def __init__(self, template, template_directory, args):\n44 dom = etree.parse(template)\n45 databus = conpot_core.get_databus()\n", + "col_offset": 14, + "end_col_offset": 35, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/ipmi/ipmi_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 44, + "line_range": [ + 44 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "343 \n344 if databus.get_value(\"kap_b_server_ip\") == \"0.0.0.0\":\n345 return self.CMD_OUTPUT_SINGLE.format(cmd_ok,\n", + "col_offset": 51, + "end_col_offset": 60, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/kamstrup/management_protocol/commands.py", + "issue_confidence": "MEDIUM", + "issue_cwe": { + "id": 605, + "link": "https://cwe.mitre.org/data/definitions/605.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Possible binding to all interfaces.", + "line_number": 344, + "line_range": [ + 344 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b104_hardcoded_bind_all_interfaces.html", + "test_id": "B104", + "test_name": "hardcoded_bind_all_interfaces" + 
}, + { + "code": "493 ip_addr = parse_ip(params)\n494 if ip_addr == \"0.0.0.0\":\n495 if databus.get_value(\"use_dhcp\") == \"NO\":\n", + "col_offset": 26, + "end_col_offset": 35, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/kamstrup/management_protocol/commands.py", + "issue_confidence": "MEDIUM", + "issue_cwe": { + "id": 605, + "link": "https://cwe.mitre.org/data/definitions/605.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Possible binding to all interfaces.", + "line_number": 494, + "line_range": [ + 494 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b104_hardcoded_bind_all_interfaces.html", + "test_id": "B104", + "test_name": "hardcoded_bind_all_interfaces" + }, + { + "code": "758 def parse_ip(ip_string):\n759 default = \"0.0.0.0\"\n760 if \".\" in ip_string:\n", + "col_offset": 14, + "end_col_offset": 23, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/kamstrup/management_protocol/commands.py", + "issue_confidence": "MEDIUM", + "issue_cwe": { + "id": 605, + "link": "https://cwe.mitre.org/data/definitions/605.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Possible binding to all interfaces.", + "line_number": 759, + "line_range": [ + 759 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b104_hardcoded_bind_all_interfaces.html", + "test_id": "B104", + "test_name": "hardcoded_bind_all_interfaces" + }, + { + "code": "33 \n34 dom = etree.parse(template)\n35 registers = dom.xpath('//kamstrup_meter/registers/*')\n", + "col_offset": 14, + "end_col_offset": 35, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/kamstrup/meter_protocol/command_responder.py", 
+ "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 34, + "line_range": [ + 34 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "49 def _get_mode_and_delay(self, template):\n50 dom = etree.parse(template)\n51 self.mode = dom.xpath('//modbus/mode/text()')[0].lower()\n", + "col_offset": 14, + "end_col_offset": 35, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/modbus/modbus_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. 
Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 50, + "line_range": [ + 50 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "63 def _configure_slaves(self, template):\n64 dom = etree.parse(template)\n65 slaves = dom.xpath('//modbus/slaves/*')\n", + "col_offset": 14, + "end_col_offset": 35, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/modbus/modbus_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 64, + "line_range": [ + 64 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "72 name = b.attrib['name']\n73 request_type = eval('mdef.' 
+ b.xpath('./type/text()')[0])\n74 start_addr = int(b.xpath('./starting_address/text()')[0])\n", + "col_offset": 35, + "end_col_offset": 78, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/modbus/modbus_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 78, + "link": "https://cwe.mitre.org/data/definitions/78.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Use of possibly insecure function - consider using safer ast.literal_eval.", + "line_number": 73, + "line_range": [ + 73 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b307-eval", + "test_id": "B307", + "test_name": "blacklist" + }, + { + "code": "23 Databank.__init__(self)\n24 self.dom = etree.parse(template)\n25 \n", + "col_offset": 19, + "end_col_offset": 40, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/modbus/slave_db.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. 
Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 24, + "line_range": [ + 24 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "49 self.start_time = None # Initialize later\n50 dom = etree.parse(template)\n51 \n", + "col_offset": 14, + "end_col_offset": 35, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/s7comm/s7_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 50, + "line_range": [ + 50 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "41 \n42 self.dom = etree.parse(template)\n43 self.cmd_responder = None\n", + "col_offset": 19, + "end_col_offset": 40, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/snmp/snmp_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. 
Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 42, + "line_range": [ + 42 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "60 def _init_vfs(self, template):\n61 dom = etree.parse(template)\n62 self.root_path = dom.xpath('//tftp/tftp_root_path/text()')[0].lower()\n", + "col_offset": 14, + "end_col_offset": 35, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/protocols/tftp/tftp_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 61, + "line_range": [ + 61 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "28 from conpot.protocols.ftp.ftp_server import FTPServer\n29 import ftplib # Use ftplib's client for more authentic testing\n30 \n", + "col_offset": 0, + "end_col_offset": 13, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/tests/test_ftp.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 319, + "link": "https://cwe.mitre.org/data/definitions/319.html" + }, + "issue_severity": "HIGH", + "issue_text": "A FTP-related module is being imported. FTP is considered insecure. 
Use SSH/SFTP/SCP or some other encrypted protocol.", + "line_number": 29, + "line_range": [ + 29 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_imports.html#b402-import-ftplib", + "test_id": "B402", + "test_name": "blacklist" + }, + { + "code": "47 self.server_greenlet = gevent.spawn(self.ftp_server.start, '127.0.0.1', 0)\n48 self.client = ftplib.FTP()\n49 gevent.sleep(1)\n", + "col_offset": 22, + "end_col_offset": 34, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/tests/test_ftp.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 319, + "link": "https://cwe.mitre.org/data/definitions/319.html" + }, + "issue_severity": "HIGH", + "issue_text": "FTP-related functions are being called. FTP is considered insecure. Use SSH/SFTP/SCP or some other encrypted protocol.", + "line_number": 48, + "line_range": [ + 48 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b321-ftplib", + "test_id": "B321", + "test_name": "blacklist" + }, + { + "code": "66 del self.client\n67 self.client = ftplib.FTP()\n68 self.client.connect(host='127.0.0.1', port=self.ftp_server.server.server_port)\n", + "col_offset": 22, + "end_col_offset": 34, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/tests/test_ftp.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 319, + "link": "https://cwe.mitre.org/data/definitions/319.html" + }, + "issue_severity": "HIGH", + "issue_text": "FTP-related functions are being called. FTP is considered insecure. 
Use SSH/SFTP/SCP or some other encrypted protocol.", + "line_number": 67, + "line_range": [ + 67 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b321-ftplib", + "test_id": "B321", + "test_name": "blacklist" + }, + { + "code": "58 \"\"\"\n59 ret = requests.get(\"http://127.0.0.1:{0}/tests/unittest_base.html\".format(self.http_server.server_port))\n60 self.assertIn('ONLINE', ret.text, \"Could not retrieve expected data from test output.\")\n", + "col_offset": 14, + "end_col_offset": 112, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/tests/test_http_server.py", + "issue_confidence": "LOW", + "issue_cwe": { + "id": 400, + "link": "https://cwe.mitre.org/data/definitions/400.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Requests call without timeout", + "line_number": 59, + "line_range": [ + 59 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html", + "test_id": "B113", + "test_name": "request_without_timeout" + }, + { + "code": "66 # retrieve configuration from xml\n67 dom = etree.parse(self.dir_name + '/templates/default/template.xml')\n68 \n", + "col_offset": 14, + "end_col_offset": 76, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/tests/test_http_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. 
Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 67, + "line_range": [ + 67 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "76 if assert_reference is not None:\n77 ret = requests.get(\"http://127.0.0.1:{0}/tests/unittest_databus.html\".format(self.http_server.server_port))\n78 self.assertIn(assert_reference, ret.text,\n", + "col_offset": 18, + "end_col_offset": 119, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/tests/test_http_server.py", + "issue_confidence": "LOW", + "issue_cwe": { + "id": 400, + "link": "https://cwe.mitre.org/data/definitions/400.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Requests call without timeout", + "line_number": 77, + "line_range": [ + 77 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html", + "test_id": "B113", + "test_name": "request_without_timeout" + }, + { + "code": "87 # retrieve configuration from xml\n88 dom = etree.parse(self.dir_name + '/templates/default/http/http.xml')\n89 \n", + "col_offset": 14, + "end_col_offset": 77, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/tests/test_http_server.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. 
Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 88, + "line_range": [ + 88 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "97 dt_req_start = datetime.datetime.now()\n98 requests.get(\"http://127.0.0.1:{0}/tests/unittest_tarpit.html\".format(self.http_server.server_port))\n99 dt_req_delta = datetime.datetime.now() - dt_req_start\n", + "col_offset": 12, + "end_col_offset": 112, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/tests/test_http_server.py", + "issue_confidence": "LOW", + "issue_cwe": { + "id": 400, + "link": "https://cwe.mitre.org/data/definitions/400.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Requests call without timeout", + "line_number": 98, + "line_range": [ + 98 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html", + "test_id": "B113", + "test_name": "request_without_timeout" + }, + { + "code": "113 \"\"\"\n114 ret = requests.get(\"http://127.0.0.1:{0}/tests/unittest_subselects.html?action=unit&subaction=test\".format(\n115 self.http_server.server_port))\n116 self.assertIn('SUCCESSFUL', ret.text, \"Trigger missed. 
An unexpected page was delivered.\")\n", + "col_offset": 14, + "end_col_offset": 42, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/tests/test_http_server.py", + "issue_confidence": "LOW", + "issue_cwe": { + "id": 400, + "link": "https://cwe.mitre.org/data/definitions/400.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Requests call without timeout", + "line_number": 114, + "line_range": [ + 114, + 115 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html", + "test_id": "B113", + "test_name": "request_without_timeout" + }, + { + "code": "140 \"\"\"\n141 ret = requests.head(\"http://127.0.0.1:{0}/tests/unittest_subselects.html?action=unit&subaction=test\".format(\n142 self.http_server.server_port))\n143 self.assertTrue(ret.status_code == 200 and ret.headers['Content-Length'] == '370')\n", + "col_offset": 14, + "end_col_offset": 42, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/tests/test_http_server.py", + "issue_confidence": "LOW", + "issue_cwe": { + "id": 400, + "link": "https://cwe.mitre.org/data/definitions/400.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Requests call without timeout", + "line_number": 141, + "line_range": [ + 141, + 142 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html", + "test_id": "B113", + "test_name": "request_without_timeout" + }, + { + "code": "145 # Test for 404\n146 ret = requests.head(\"http://127.0.0.1:{0}/tests/random_page_does_not_exists.html\".format(\n147 self.http_server.server_port\n148 ))\n149 self.assertEqual(ret.status_code, 404)\n", + "col_offset": 14, + "end_col_offset": 10, + "filename": 
"/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/tests/test_http_server.py", + "issue_confidence": "LOW", + "issue_cwe": { + "id": 400, + "link": "https://cwe.mitre.org/data/definitions/400.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Requests call without timeout", + "line_number": 146, + "line_range": [ + 146, + 147, + 148 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html", + "test_id": "B113", + "test_name": "request_without_timeout" + }, + { + "code": "152 self.http_server.cmd_responder.httpd.disable_method_head = True\n153 ret = requests.head(\"http://127.0.0.1:{0}/tests/unittest_subselects.html?action=unit&subaction=test\".format(\n154 self.http_server.server_port))\n155 self.assertEqual(ret.status_code, 501)\n", + "col_offset": 14, + "end_col_offset": 42, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/tests/test_http_server.py", + "issue_confidence": "LOW", + "issue_cwe": { + "id": 400, + "link": "https://cwe.mitre.org/data/definitions/400.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Requests call without timeout", + "line_number": 153, + "line_range": [ + 153, + 154 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html", + "test_id": "B113", + "test_name": "request_without_timeout" + }, + { + "code": "160 \"\"\"\n161 ret = requests.options(\"http://127.0.0.1:{0}/tests/unittest_subselects.html?action=unit&subaction=test\".format(\n162 self.http_server.server_port))\n163 self.assertEqual((ret.headers['allow']), 'GET,HEAD,POST,OPTIONS,TRACE')\n", + "col_offset": 14, + "end_col_offset": 42, + "filename": 
"/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/tests/test_http_server.py", + "issue_confidence": "LOW", + "issue_cwe": { + "id": 400, + "link": "https://cwe.mitre.org/data/definitions/400.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Requests call without timeout", + "line_number": 161, + "line_range": [ + 161, + 162 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html", + "test_id": "B113", + "test_name": "request_without_timeout" + }, + { + "code": "176 payload = {'key1': 'value1', 'key2': 'value2'}\n177 ret = requests.post(\"http://127.0.0.1:{0}/tests/demo.html\".format(\n178 self.http_server.server_port), data=payload)\n179 self.assertEqual(ret.status_code, 404)\n", + "col_offset": 14, + "end_col_offset": 56, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/tests/test_http_server.py", + "issue_confidence": "LOW", + "issue_cwe": { + "id": 400, + "link": "https://cwe.mitre.org/data/definitions/400.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Requests call without timeout", + "line_number": 177, + "line_range": [ + 177, + 178 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html", + "test_id": "B113", + "test_name": "request_without_timeout" + }, + { + "code": "185 payload = b'PUT /index.html HTTP/1.1\\r\\nHost: localhost\\r\\n\\r\\n'\n186 ret = requests.put(\"http://127.0.0.1:{0}/tests/demo.html\".format(\n187 self.http_server.server_port), data=payload)\n188 self.assertEqual(ret.status_code, 501)\n", + "col_offset": 14, + "end_col_offset": 56, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/tests/test_http_server.py", + 
"issue_confidence": "LOW", + "issue_cwe": { + "id": 400, + "link": "https://cwe.mitre.org/data/definitions/400.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Requests call without timeout", + "line_number": 186, + "line_range": [ + 186, + 187 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b113_request_without_timeout.html", + "test_id": "B113", + "test_name": "request_without_timeout" + }, + { + "code": "38 sensorid = 'default'\n39 public_ip = '0.0.0.0'\n40 dst_port = 502\n", + "col_offset": 20, + "end_col_offset": 29, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/tests/test_logger_json.py", + "issue_confidence": "MEDIUM", + "issue_cwe": { + "id": 605, + "link": "https://cwe.mitre.org/data/definitions/605.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Possible binding to all interfaces.", + "line_number": 39, + "line_range": [ + 39 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/plugins/b104_hardcoded_bind_all_interfaces.html", + "test_id": "B104", + "test_name": "hardcoded_bind_all_interfaces" + }, + { + "code": "50 1: {'request': 'give me apples', 'response': 'no way'}}}\n51 dom = etree.parse('conpot/templates/default/template.xml')\n52 stixTransformer = StixTransformer(config, dom)\n", + "col_offset": 14, + "end_col_offset": 66, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/tests/test_taxii.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. 
Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 51, + "line_range": [ + 51 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + }, + { + "code": "84 1: {'request': 'give me apples', 'response': 'no way'}}}\n85 dom = etree.parse('conpot/templates/default/template.xml')\n86 taxiiLogger = TaxiiLogger(config, dom)\n", + "col_offset": 14, + "end_col_offset": 66, + "filename": "/Users/aristofanischionis/Desktop/MscDTU/courses/thesis/Honeyscanner/honeyscanner/passive_attacks/static_analyzer/conpot-Release_0.6.0/conpot/tests/test_taxii.py", + "issue_confidence": "HIGH", + "issue_cwe": { + "id": 20, + "link": "https://cwe.mitre.org/data/definitions/20.html" + }, + "issue_severity": "MEDIUM", + "issue_text": "Using lxml.etree.parse to parse untrusted XML data is known to be vulnerable to XML attacks. Replace lxml.etree.parse with its defusedxml equivalent function.", + "line_number": 85, + "line_range": [ + 85 + ], + "more_info": "https://bandit.readthedocs.io/en/1.7.5/blacklists/blacklist_calls.html#b313-b320-xml-bad-etree", + "test_id": "B320", + "test_name": "blacklist" + } + ] + } +} \ No newline at end of file diff --git a/honeyscanner/passive_attacks/static_analyzer/static_analyzer.py b/honeyscanner/passive_attacks/static_analyzer/static_analyzer.py index ca6c2de..d9ffc49 100644 --- a/honeyscanner/passive_attacks/static_analyzer/static_analyzer.py +++ b/honeyscanner/passive_attacks/static_analyzer/static_analyzer.py 
@@ -18,6 +18,9 @@ def __init__(self, honeypot_name, honeypot_url, honeypot_version):
 init(autoreset=True)
 self.honeypot_name = honeypot_name
 self.honeypot_url = honeypot_url
+ # Check for Conpot's condition
+ if (honeypot_name == "conpot" and (honeypot_version == "0.6.0" or honeypot_version == "0.5.2" or honeypot_version == "0.5.1" or honeypot_version == "0.5.0" or honeypot_version == "0.4.0" or honeypot_version == "0.3.1" or honeypot_version == "0.3.0")):
+ honeypot_version = f"Release_{honeypot_version}"
 self.honeypot_version = honeypot_version
 self.output_folder = Path(__file__).resolve().parent / "analysis_results"
 self.all_cves_path = Path(__file__).resolve().parent.parent / "results" / "all_cves.txt"
diff --git a/honeyscanner/passive_attacks/vuln_analyzer/analysis_results/conpot-0.2-vulnerabilities.json b/honeyscanner/passive_attacks/vuln_analyzer/analysis_results/conpot-0.2-vulnerabilities.json
new file mode 100644
index 0000000..b52a81d
--- /dev/null
+++ b/honeyscanner/passive_attacks/vuln_analyzer/analysis_results/conpot-0.2-vulnerabilities.json
@@ -0,0 +1,3 @@
+{
+ "0.2": {}
+}
\ No newline at end of file
diff --git a/honeyscanner/passive_attacks/vuln_analyzer/analysis_results/conpot-0.2.1-vulnerabilities.json b/honeyscanner/passive_attacks/vuln_analyzer/analysis_results/conpot-0.2.1-vulnerabilities.json
new file mode 100644
index 0000000..4946982
--- /dev/null
+++ b/honeyscanner/passive_attacks/vuln_analyzer/analysis_results/conpot-0.2.1-vulnerabilities.json
@@ -0,0 +1,3 @@
+{
+ "0.2.1": {}
+}
\ No newline at end of file
diff --git a/honeyscanner/passive_attacks/vuln_analyzer/analysis_results/conpot-0.5.2-vulnerabilities.json b/honeyscanner/passive_attacks/vuln_analyzer/analysis_results/conpot-0.5.2-vulnerabilities.json
new file mode 100644
index 0000000..14b5fe4
--- /dev/null
+++ b/honeyscanner/passive_attacks/vuln_analyzer/analysis_results/conpot-0.5.2-vulnerabilities.json
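Review bot: The added Conpot check in the static_analyzer.py hunk spells out seven `honeypot_version == "..."` comparisons on one line, and the same list is repeated for `version_tag` in the `get_release_date` hunk of vuln_analyzer.py, so the two copies can drift apart when another release is added. A shared constant with a membership test would keep them in step, e.g. `CONPOT_RELEASE_PREFIXED = {"0.6.0", "0.5.2", "0.5.1", "0.5.0", "0.4.0", "0.3.1", "0.3.0"}` and `if honeypot_name == "conpot" and honeypot_version in CONPOT_RELEASE_PREFIXED:`. The comment `# Check for Conpot's condition` does not say what the condition is; something like `# Conpot tags these releases as "Release_<version>"` appears to be what the rewrite encodes. The prefixed value is also what gets stored in `self.honeypot_version`, so anything derived from it later carries the prefix (the committed analysis JSON shows paths under `conpot-Release_0.6.0`); `__init__` starts and continues outside the hunk.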
@@ -0,0 +1,173 @@ +{ + "0.5.2": { + "lxml": [ + { + "name": "lxml", + "installed_version": "4.2.4", + "affected_versions": "<4.2.5", + "cve": "CVE-2018-19787", + "vulnerability_id": "pyup.io-50747", + "advisory": "Lxml 4.2.5 includes a fix for CVE-2018-19787: lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by \"j a v a s c r i p t:\" in Internet Explorer. This is a similar issue to CVE-2014-3146.", + "cvss_score": 6.1 + }, + { + "name": "lxml", + "installed_version": "4.2.4", + "affected_versions": "<4.4.0", + "cve": "PVE-2021-39195", + "vulnerability_id": "pyup.io-39195", + "advisory": "In lxml before 4.4.0, when writing to file paths that contain the URL escape character '%', the file path could wrongly be mangled by URL unescaping and thus write to a different file or directory. Code that writes to file paths that are provided by untrusted sources, but that must work with previous versions of lxml, should best either reject paths that contain '%' characters, or otherwise make sure that the path does not contain maliciously injected '%XX' URL hex escapes for paths like '../'.\r\nhttps://github.com/lxml/lxml/commit/0245aba002f069a0b157282707bdf77418d1b5be", + "cvss_score": null + }, + { + "name": "lxml", + "installed_version": "4.2.4", + "affected_versions": "<4.6.2", + "cve": "CVE-2020-27783", + "vulnerability_id": "pyup.io-39194", + "advisory": "Lxml 4.6.2 includes a fix for CVE-2020-27783: A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. 
A remote attacker could exploit this flaw to run arbitrary HTML/JS code.", + "cvss_score": 6.1 + }, + { + "name": "lxml", + "installed_version": "4.2.4", + "affected_versions": "<4.6.3", + "cve": "CVE-2021-28957", + "vulnerability_id": "pyup.io-40072", + "advisory": "Lxml version 4.6.3 includes a fix for CVE-2021-28957: An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formation attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML.\r\nhttps://bugs.launchpad.net/lxml/+bug/1888153", + "cvss_score": 6.1 + }, + { + "name": "lxml", + "installed_version": "4.2.4", + "affected_versions": "<4.6.5", + "cve": "CVE-2021-43818", + "vulnerability_id": "pyup.io-43366", + "advisory": "Lxml 4.6.5 includes a fix for CVE-2021-43818: Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch.", + "cvss_score": 7.1 + }, + { + "name": "lxml", + "installed_version": "4.2.4", + "affected_versions": "<4.9.1", + "cve": "CVE-2022-2309", + "vulnerability_id": "pyup.io-50748", + "advisory": "Lxml 4.9.1 includes a fix for CVE-2022-2309: NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). 
Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.", + "cvss_score": null + } + ], + "bottle": [ + { + "name": "bottle", + "installed_version": "0.12.13", + "affected_versions": "<0.12.19", + "cve": "CVE-2020-28473", + "vulnerability_id": "pyup.io-39461", + "advisory": "The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. See CVE-2020-28473.", + "cvss_score": null + }, + { + "name": "bottle", + "installed_version": "0.12.13", + "affected_versions": "<0.12.20", + "cve": "CVE-2022-31799", + "vulnerability_id": "pyup.io-49258", + "advisory": "Bottle before 0.12.20 mishandles errors during early request binding.", + "cvss_score": null + } + ], + "jinja2": [ + { + "name": "jinja2", + "installed_version": "2.10", + "affected_versions": "<2.11.3", + "cve": "CVE-2020-28493", + "vulnerability_id": "pyup.io-39525", + "advisory": "This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the '_punctuation_re regex' operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. 
This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.", + "cvss_score": null + }, + { + "name": "jinja2", + "installed_version": "2.10", + "affected_versions": ">=0,<2.10.1", + "cve": "CVE-2019-10906", + "vulnerability_id": "pyup.io-54679", + "advisory": "In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.", + "cvss_score": null + } + ], + "requests": [ + { + "name": "requests", + "installed_version": "2.19.1", + "affected_versions": "<=2.19.1", + "cve": "CVE-2018-18074", + "vulnerability_id": "pyup.io-36546", + "advisory": "Requests before 2.20.0 sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.", + "cvss_score": null + }, + { + "name": "requests", + "installed_version": "2.19.1", + "affected_versions": ">=2.3.0,<2.31.0", + "cve": "CVE-2023-32681", + "vulnerability_id": "pyup.io-58755", + "advisory": "Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use 'rebuild_proxies' to reattach the 'Proxy-Authorization' header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the 'Proxy-Authorization' header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. 
This issue has been patched in version 2.31.0.\n\n", + "cvss_score": null + } + ], + "sphinx": [ + { + "name": "sphinx", + "installed_version": "1.7.6", + "affected_versions": "<3.0.4", + "cve": "CVE-2020-11023", + "vulnerability_id": "pyup.io-45775", + "advisory": "Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.", + "cvss_score": null + }, + { + "name": "sphinx", + "installed_version": "1.7.6", + "affected_versions": "<3.0.4", + "cve": "CVE-2020-11022", + "vulnerability_id": "pyup.io-38330", + "advisory": "Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.", + "cvss_score": null + } + ], + "libtaxii": [ + { + "name": "libtaxii", + "installed_version": "1.1.111", + "affected_versions": ">=0,<1.1.118", + "cve": "CVE-2020-27197", + "vulnerability_id": "pyup.io-54231", + "advisory": "\"TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method \"wraps the lxml library\" and that this may be an issue to \"raise ... to the lxml group.\"\"\n\nAffected functions:\nlibtaxii.common.parse", + "cvss_score": null + } + ], + "scapy": [ + { + "name": "scapy", + "installed_version": "2.4.0", + "affected_versions": "<2.4.1", + "cve": "CVE-2019-1010142", + "vulnerability_id": "pyup.io-37341", + "advisory": "Scapy 2.4.1 includes a fix for CVE-2019-1010142: Denial of Service. The impact is infinite loop, resource consumption and program unresponsive. The component affected component is '_RADIUSAttrPacketListField.getfield(self..)'. 
The attack vector is over the network or a malicious pcap.\r\nhttps://github.com/secdev/scapy/pull/1409/commits/0d7ae2b039f650a40e511d09eb961c782da025d9", + "cvss_score": null + } + ], + "pycrypto": [ + { + "name": "pycrypto", + "installed_version": "2.6.1", + "affected_versions": "<=2.6.1", + "cve": "CVE-2013-7459", + "vulnerability_id": "pyup.io-35015", + "advisory": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) 2.6.1 allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.", + "cvss_score": null + } + ] + } +} \ No newline at end of file diff --git a/honeyscanner/passive_attacks/vuln_analyzer/analysis_results/conpot-0.6.0-vulnerabilities.json b/honeyscanner/passive_attacks/vuln_analyzer/analysis_results/conpot-0.6.0-vulnerabilities.json new file mode 100644 index 0000000..ca0799e --- /dev/null +++ b/honeyscanner/passive_attacks/vuln_analyzer/analysis_results/conpot-0.6.0-vulnerabilities.json 
@@ -0,0 +1,182 @@ +{ + "0.6.0": { + "lxml": [ + { + "name": "lxml", + "installed_version": "4.2.4", + "affected_versions": "<4.2.5", + "cve": "CVE-2018-19787", + "vulnerability_id": "pyup.io-50747", + "advisory": "Lxml 4.2.5 includes a fix for CVE-2018-19787: lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by \"j a v a s c r i p t:\" in Internet Explorer. This is a similar issue to CVE-2014-3146.", + "cvss_score": 6.1 + }, + { + "name": "lxml", + "installed_version": "4.2.4", + "affected_versions": "<4.4.0", + "cve": "PVE-2021-39195", + "vulnerability_id": "pyup.io-39195", + "advisory": "In lxml before 4.4.0, when writing to file paths that contain the URL escape character '%', the file path could wrongly be mangled by URL unescaping and thus write to a different file or directory. Code that writes to file paths that are provided by untrusted sources, but that must work with previous versions of lxml, should best either reject paths that contain '%' characters, or otherwise make sure that the path does not contain maliciously injected '%XX' URL hex escapes for paths like '../'.\r\nhttps://github.com/lxml/lxml/commit/0245aba002f069a0b157282707bdf77418d1b5be", + "cvss_score": null + }, + { + "name": "lxml", + "installed_version": "4.2.4", + "affected_versions": "<4.6.2", + "cve": "CVE-2020-27783", + "vulnerability_id": "pyup.io-39194", + "advisory": "Lxml 4.6.2 includes a fix for CVE-2020-27783: A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. 
A remote attacker could exploit this flaw to run arbitrary HTML/JS code.", + "cvss_score": 6.1 + }, + { + "name": "lxml", + "installed_version": "4.2.4", + "affected_versions": "<4.6.3", + "cve": "CVE-2021-28957", + "vulnerability_id": "pyup.io-40072", + "advisory": "Lxml version 4.6.3 includes a fix for CVE-2021-28957: An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formation attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run arbitrary JS code on users who interact with incorrectly sanitized HTML.\r\nhttps://bugs.launchpad.net/lxml/+bug/1888153", + "cvss_score": 6.1 + }, + { + "name": "lxml", + "installed_version": "4.2.4", + "affected_versions": "<4.6.5", + "cve": "CVE-2021-43818", + "vulnerability_id": "pyup.io-43366", + "advisory": "Lxml 4.6.5 includes a fix for CVE-2021-43818: Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch.", + "cvss_score": 7.1 + }, + { + "name": "lxml", + "installed_version": "4.2.4", + "affected_versions": "<4.9.1", + "cve": "CVE-2022-2309", + "vulnerability_id": "pyup.io-50748", + "advisory": "Lxml 4.9.1 includes a fix for CVE-2022-2309: NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). 
Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.", + "cvss_score": 7.5 + } + ], + "bottle": [ + { + "name": "bottle", + "installed_version": "0.12.13", + "affected_versions": "<0.12.19", + "cve": "CVE-2020-28473", + "vulnerability_id": "pyup.io-39461", + "advisory": "The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. See CVE-2020-28473.", + "cvss_score": 6.8 + }, + { + "name": "bottle", + "installed_version": "0.12.13", + "affected_versions": "<0.12.20", + "cve": "CVE-2022-31799", + "vulnerability_id": "pyup.io-49258", + "advisory": "Bottle before 0.12.20 mishandles errors during early request binding.", + "cvss_score": 9.8 + } + ], + "jinja2": [ + { + "name": "jinja2", + "installed_version": "2.10", + "affected_versions": "<2.11.3", + "cve": "CVE-2020-28493", + "vulnerability_id": "pyup.io-39525", + "advisory": "This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the '_punctuation_re regex' operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. 
This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.", + "cvss_score": 5.3 + }, + { + "name": "jinja2", + "installed_version": "2.10", + "affected_versions": ">=0,<2.10.1", + "cve": "CVE-2019-10906", + "vulnerability_id": "pyup.io-54679", + "advisory": "In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.", + "cvss_score": 8.6 + } + ], + "requests": [ + { + "name": "requests", + "installed_version": "2.19.1", + "affected_versions": "<=2.19.1", + "cve": "CVE-2018-18074", + "vulnerability_id": "pyup.io-36546", + "advisory": "Requests before 2.20.0 sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.", + "cvss_score": 7.5 + }, + { + "name": "requests", + "installed_version": "2.19.1", + "affected_versions": ">=2.3.0,<2.31.0", + "cve": "CVE-2023-32681", + "vulnerability_id": "pyup.io-58755", + "advisory": "Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use 'rebuild_proxies' to reattach the 'Proxy-Authorization' header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the 'Proxy-Authorization' header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. 
This issue has been patched in version 2.31.0.\n\n", + "cvss_score": 6.1 + } + ], + "sphinx": [ + { + "name": "sphinx", + "installed_version": "1.7.7", + "affected_versions": "<3.0.4", + "cve": "CVE-2020-11023", + "vulnerability_id": "pyup.io-45775", + "advisory": "Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.", + "cvss_score": 6.1 + }, + { + "name": "sphinx", + "installed_version": "1.7.7", + "affected_versions": "<3.0.4", + "cve": "CVE-2020-11022", + "vulnerability_id": "pyup.io-38330", + "advisory": "Sphinx 3.0.4 updates jQuery version from 3.4.1 to 3.5.1 for security reasons.", + "cvss_score": 6.1 + } + ], + "libtaxii": [ + { + "name": "libtaxii", + "installed_version": "1.1.111", + "affected_versions": ">=0,<1.1.118", + "cve": "CVE-2020-27197", + "vulnerability_id": "pyup.io-54231", + "advisory": "\"TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method \"wraps the lxml library\" and that this may be an issue to \"raise ... to the lxml group.\"\"\n\nAffected functions:\nlibtaxii.common.parse", + "cvss_score": 9.8 + } + ], + "scapy": [ + { + "name": "scapy", + "installed_version": "2.4.0", + "affected_versions": "<2.4.1", + "cve": "CVE-2019-1010142", + "vulnerability_id": "pyup.io-37341", + "advisory": "Scapy 2.4.1 includes a fix for CVE-2019-1010142: Denial of Service. The impact is infinite loop, resource consumption and program unresponsive. The component affected component is '_RADIUSAttrPacketListField.getfield(self..)'. 
The attack vector is over the network or a malicious pcap.\r\nhttps://github.com/secdev/scapy/pull/1409/commits/0d7ae2b039f650a40e511d09eb961c782da025d9", + "cvss_score": 7.5 + } + ], + "pycrypto": [ + { + "name": "pycrypto", + "installed_version": "2.6.1", + "affected_versions": "<=2.6.1", + "cve": "CVE-2013-7459", + "vulnerability_id": "pyup.io-35015", + "advisory": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) 2.6.1 allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.", + "cvss_score": 9.8 + }, + { + "name": "pycrypto", + "installed_version": "2.6.1", + "affected_versions": "<=2.6.1", + "cve": "CVE-2013-7459", + "vulnerability_id": "pyup.io-35015", + "advisory": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) 2.6.1 allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.", + "cvss_score": 9.8 + } + ] + } +} \ No newline at end of file diff --git a/honeyscanner/passive_attacks/vuln_analyzer/requirements_files/conpot-0.2-requirements.txt b/honeyscanner/passive_attacks/vuln_analyzer/requirements_files/conpot-0.2-requirements.txt new file mode 100644 index 0000000..e3a5e39 --- /dev/null +++ b/honeyscanner/passive_attacks/vuln_analyzer/requirements_files/conpot-0.2-requirements.txt @@ -0,0 +1,5 @@ +gevent==23.7.0 +pysnmp==4.4.12 +lxml==4.9.3 +modbus_tk==1.1.3 +hpfeeds==3.0.0 \ No newline at end of file diff --git a/honeyscanner/passive_attacks/vuln_analyzer/requirements_files/conpot-0.2.1-requirements.txt b/honeyscanner/passive_attacks/vuln_analyzer/requirements_files/conpot-0.2.1-requirements.txt new file mode 100644 index 0000000..e3a5e39 --- /dev/null +++ b/honeyscanner/passive_attacks/vuln_analyzer/requirements_files/conpot-0.2.1-requirements.txt 
@@ -0,0 +1,5 @@ +gevent==23.7.0 +pysnmp==4.4.12 +lxml==4.9.3 +modbus_tk==1.1.3 +hpfeeds==3.0.0 \ No newline at end of file diff --git a/honeyscanner/passive_attacks/vuln_analyzer/requirements_files/conpot-0.5.2-requirements.txt b/honeyscanner/passive_attacks/vuln_analyzer/requirements_files/conpot-0.5.2-requirements.txt new file mode 100644 index 0000000..ec2e293 --- /dev/null +++ b/honeyscanner/passive_attacks/vuln_analyzer/requirements_files/conpot-0.5.2-requirements.txt @@ -0,0 +1,27 @@ +gevent==1.3.5 +pysnmp==4.4.5 +pysmi==0.3.1 +lxml==4.2.4 +bottle==0.12.13 +jinja2==2.10 +beautifulsoup4==4.6.1 +requests==2.19.1 +sphinx==1.7.6 +libtaxii==1.1.111 +MySQL-python==1.2.5 +xlrd==1.1.0 +crc16==0.1.1 +natsort==5.3.3 +scapy==2.4.0 +enum34==1.1.6 +hpfeeds==1.0 +modbus-tk==0.5.8 +stix-validator==2.5.0 +stix==1.2.0.6 +cybox==2.1.0.17 +bacpypes==0.16.1 +pyghmi==1.2.2 +mixbox==1.0.3 +modbus-tk==0.5.8 +cpppo==3.9.7 +pycrypto==2.6.1 \ No newline at end of file diff --git a/honeyscanner/passive_attacks/vuln_analyzer/requirements_files/conpot-0.6.0-requirements.txt b/honeyscanner/passive_attacks/vuln_analyzer/requirements_files/conpot-0.6.0-requirements.txt new file mode 100644 index 0000000..3c3c805 --- /dev/null +++ b/honeyscanner/passive_attacks/vuln_analyzer/requirements_files/conpot-0.6.0-requirements.txt @@ -0,0 +1,34 @@ +gevent==1.3.6 +pysnmp==4.4.5 +pysmi==0.3.1 +lxml==4.2.4 +bottle==0.12.13 +jinja2==2.10 +beautifulsoup4==4.6.3 +requests==2.19.1 +sphinx==1.7.7 +libtaxii==1.1.111 +xlrd==1.1.0 +crc16==0.1.1 +natsort==5.3.3 +scapy==2.4.0 +enum34==1.1.6 +hpfeeds3==0.9.7 +modbus-tk==0.5.8 +stix-validator==2.5.0 +stix==1.2.0.6 +pycrypto==2.6.1 +cybox==2.1.0.17 +bacpypes==0.17.0 +pyghmi==1.2.10 +mixbox==1.0.3 +modbus-tk==0.5.8 +cpppo==3.9.7 +pytest==3.7.2 +fs==2.1.0 +python-slugify==1.2.5 +tftpy==0.7.0 +freezegun==0.3.10 +pytest==3.7.2 +tox==3.2.1 +pycrypto==2.6.1 \ No newline at end of file 
diff --git a/honeyscanner/passive_attacks/vuln_analyzer/vuln_analyzer.py b/honeyscanner/passive_attacks/vuln_analyzer/vuln_analyzer.py
index 1f7419b..9dc756c 100644
--- a/honeyscanner/passive_attacks/vuln_analyzer/vuln_analyzer.py
+++ b/honeyscanner/passive_attacks/vuln_analyzer/vuln_analyzer.py
@@ -125,6 +125,8 @@ def get_release_date(self, version_tag):
 Get the release date of the specified version tag.
 """
 try:
+ if (self.honeypot_name == "conpot" and (version_tag == "0.6.0" or version_tag == "0.5.2" or version_tag == "0.5.1" or version_tag == "0.5.0" or version_tag == "0.4.0" or version_tag == "0.3.1" or version_tag == "0.3.0")):
+ version_tag = f"Release_{version_tag}"
 release = self.repo.get_release(version_tag)
 return release.published_at.date()
 except Exception as e:
diff --git a/honeyscanner/reports/report.txt b/honeyscanner/reports/report.txt
new file mode 100644
index 0000000..a8fd41b
--- /dev/null
+++ b/honeyscanner/reports/report.txt
@@ -0,0 +1,127 @@ + + + ___ ___ + / | \ ____ ____ ____ ___.__. ______ ____ _____ ____ ____ ___________ +/ ~ \/ _ \ / \_/ __ < | |/ ___// ___\\__ \ / \ / \_/ __ \_ __ \ +\ Y ( <_> ) | \ ___/\___ |\___ \\ \___ / __ \| | \ | \ ___/| | \/ + \___|_ / \____/|___| /\___ > ____/____ >\___ >____ /___| /___| /\___ >__| + \/ \/ \/\/ \/ \/ \/ \/ \/ \/ + + + +Security Assessment of conpot Honeypot, Version: 0.5.2 +Honeypot IP: 127.0.0.1 +Honeypot Port: 2323 +Date of Assessment: 2023-07-31 21:32:48 +Report Summary +Passive Attacks Results: +======================== +Honeypot Passive Attack Report +============================== + +Target: 127.0.0.1:2323 + +VulnerableLibrariesAnalyzer: + +Vulnerability Analysis Summary: +lxml + - Yellow pyup.io-50747 - <4.2.5 - CVE-2018-19787 - CVSS: 6.1 + - No CVSS Score pyup.io-39195 - <4.4.0 - PVE-2021-39195 - CVSS: None + - Yellow pyup.io-39194 - <4.6.2 - CVE-2020-27783 - CVSS: 6.1 + - Yellow pyup.io-40072 - <4.6.3 - CVE-2021-28957 - CVSS: 6.1 + - Red pyup.io-43366 - <4.6.5 - CVE-2021-43818 - CVSS: 7.1 + - No CVSS Score pyup.io-50748 - <4.9.1 - CVE-2022-2309 - CVSS: None + +bottle + - No CVSS Score pyup.io-39461 - <0.12.19 - CVE-2020-28473 - CVSS: None + - No CVSS Score pyup.io-49258 - <0.12.20 - CVE-2022-31799 - CVSS: None + +jinja2 + - No CVSS Score pyup.io-39525 - <2.11.3 - CVE-2020-28493 - CVSS: None + - No CVSS Score pyup.io-54679 - >=0,<2.10.1 - CVE-2019-10906 - CVSS: None + +requests + - No CVSS Score pyup.io-36546 - <=2.19.1 - CVE-2018-18074 - CVSS: None + - No CVSS Score pyup.io-58755 - >=2.3.0,<2.31.0 - CVE-2023-32681 - CVSS: None + +sphinx + - No CVSS Score pyup.io-45775 - <3.0.4 - CVE-2020-11023 - CVSS: None + - No CVSS Score pyup.io-38330 - <3.0.4 - CVE-2020-11022 - CVSS: None + +libtaxii + - No CVSS Score pyup.io-54231 - >=0,<1.1.118 - CVE-2020-27197 - CVSS: None + +scapy + - No CVSS Score pyup.io-37341 - <2.4.1 - CVE-2019-1010142 - CVSS: None + +pycrypto + - No CVSS Score pyup.io-35015 - <=2.6.1 - CVE-2013-7459 - CVSS: None + + 
+ +StaticAnalyzer: +High Severity: 7 +Medium Severity: 23 + + +ContainerSecurityScanner: +Scan Summary + +Vulnerabilities in conpot/templates/default/ssl/ssl.key: +MEDIUM: 0 +HIGH: 0 +CRITICAL: 0 + +Secrets in conpot/templates/default/ssl/ssl.key: +MEDIUM: 0 +HIGH: 1 +CRITICAL: 0 + +Vulnerabilities in conpot/templates/kamstrup_382/ssl/ssl.key: +MEDIUM: 0 +HIGH: 0 +CRITICAL: 0 + +Secrets in conpot/templates/kamstrup_382/ssl/ssl.key: +MEDIUM: 0 +HIGH: 1 +CRITICAL: 0 + + + +Active Attacks Results: +======================= +None +Overall Score: +============== +TODO: Add overall score + + +Successful Attacks: +=================== +TODO: Add successful attacks + + +Failed Attacks: +================ +TODO: Add failed attacks + + +Attack Success Rate: +==================== +TODO: Add attack success rate + + +Total Potential CVEs: 128 + + +Actionable Recommendations: +=========================== +TODO: Add actionable recommendations + + +Detailed Report: +================ +TODO: Add detailed report + + From 1ff197feb5cc804ab3a815d26a6d12a355199493 Mon Sep 17 00:00:00 2001 From: Aristofanis Chionis Date: Wed, 9 Aug 2023 18:30:55 +0200 Subject: [PATCH 3/3] ADD: extend honeypot support code --- .../active_attacks/attack_orchestrator.py | 3 +- .../trivy_scan_results_cowrie.json | 425 +- .../passive_attacks/results/all_cves.txt | 168 + .../cowrie-v2.5.0-vulnerabilities.json | 55 +- .../vuln_database/insecure_full.json | 31492 +++++++++------- honeyscanner/reports/report.txt | 114 +- honeyscanner/reports/report_conpot.txt | 127 + 7 files changed, 17633 insertions(+), 14751 deletions(-) create mode 100644 honeyscanner/reports/report_conpot.txt diff --git a/honeyscanner/active_attacks/attack_orchestrator.py b/honeyscanner/active_attacks/attack_orchestrator.py index 741d6bf..40ea810 100644 --- a/honeyscanner/active_attacks/attack_orchestrator.py +++ b/honeyscanner/active_attacks/attack_orchestrator.py 
@@ -11,7 +11,8 @@ def __init__(self, honeypot): self.attacks = [ Fuzzing(honeypot), # Successfully ran! - not crashing the honeypot - try to get some insights instead of crashing TarBomb(honeypot), # should be rechecked, works but doesn't crash the honeypot - SoftwareExploit(honeypot), # Successfully ran! - not managed to exploit something + # TODO: SoftwareExploit still is slow + # SoftwareExploit(honeypot), # Successfully ran! - not managed to exploit something DoS(honeypot) # Successfully ran! - crashes the honeypot ] self.results = [] diff --git a/honeyscanner/passive_attacks/container_security_scanner/analysis_results/trivy_scan_results_cowrie.json b/honeyscanner/passive_attacks/container_security_scanner/analysis_results/trivy_scan_results_cowrie.json index 8b166cb..bb0cda9 100644 --- a/honeyscanner/passive_attacks/container_security_scanner/analysis_results/trivy_scan_results_cowrie.json +++ b/honeyscanner/passive_attacks/container_security_scanner/analysis_results/trivy_scan_results_cowrie.json @@ -9,6 +9,7 @@ "PkgID": "libcom-err2@1.46.2-2", "PkgName": "libcom-err2", "InstalledVersion": "1.46.2-2", + "Status": "affected", "Layer": { "DiffID": "sha256:ca4eecbf39e6758abf787dd9fab38148e03aefbb5c3e3830f21a69ea1fd4a09e" }, @@ -19,7 +20,7 @@ "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, - "Title": "e2fsprogs: out-of-bounds read/write via crafted filesystem", + "Title": "out-of-bounds read/write via crafted filesystem", "Description": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "Severity": "HIGH", "CweIDs": [ @@ -61,6 +62,7 @@ "PkgID": "libdb5.3@5.3.28+dfsg1-0.8", "PkgName": "libdb5.3", "InstalledVersion": "5.3.28+dfsg1-0.8", + "Status": "affected", "Layer": { "DiffID": "sha256:cf9c7c9c9ad7d79832b60d51276862448b70fc11a3f9ecd2c4418c435132537b" }, 
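Review bot: `SoftwareExploit(honeypot)` is switched off in the attack_orchestrator.py hunk by commenting the list entry out, which leaves dead code inside `self.attacks` and presumably means the assessment report no longer covers that check, with nothing in the run recording that it was skipped. I would delete the commented-out entry and keep one actionable line, e.g. `# TODO: re-enable SoftwareExploit(honeypot) once its runtime is acceptable`, or gate the entry behind an explicit option so each report can state which attacks were included. The trailing comments on the remaining entries (`# Successfully ran! - ...`) read as notes from a test run rather than documentation of the list and would fit better in the commit message. `__init__` starts outside the hunk.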
@@ -119,11 +121,84 @@ "PublishedDate": "2019-05-30T16:29:00Z", "LastModifiedDate": "2021-07-31T08:15:00Z" }, + { + "VulnerabilityID": "CVE-2023-36054", + "PkgID": "libgssapi-krb5-2@1.18.3-6+deb11u3", + "PkgName": "libgssapi-krb5-2", + "InstalledVersion": "1.18.3-6+deb11u3", + "Status": "affected", + "Layer": { + "DiffID": "sha256:a1af5ba59659cd3bc64caf59fa6b0733decc650da428be88fbd78c5efcc31ac3" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-36054", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 an ...", + "Severity": "MEDIUM" + }, + { + "VulnerabilityID": "CVE-2023-36054", + "PkgID": "libk5crypto3@1.18.3-6+deb11u3", + "PkgName": "libk5crypto3", + "InstalledVersion": "1.18.3-6+deb11u3", + "Status": "affected", + "Layer": { + "DiffID": "sha256:70faff05d00e37f6759b17901328e5d42c74fbc3b90d67c210e3e37951ca9e03" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-36054", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 an ...", + "Severity": "MEDIUM" + }, + { + "VulnerabilityID": "CVE-2023-36054", + "PkgID": "libkrb5-3@1.18.3-6+deb11u3", + "PkgName": "libkrb5-3", + "InstalledVersion": "1.18.3-6+deb11u3", + "Status": "affected", + "Layer": { + "DiffID": "sha256:e0a11baaefcb9b4a61de880edba3fe52be420ffc992944d2c5af7ce266033b89" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-36054", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 an ...", + "Severity": "MEDIUM" + }, + { + "VulnerabilityID": 
"CVE-2023-36054", + "PkgID": "libkrb5support0@1.18.3-6+deb11u3", + "PkgName": "libkrb5support0", + "InstalledVersion": "1.18.3-6+deb11u3", + "Status": "affected", + "Layer": { + "DiffID": "sha256:0c787ebb31fb8323f4dc3b9634cee53308a287d8799911cc860934fd47974ac0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-36054", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 an ...", + "Severity": "MEDIUM" + }, { "VulnerabilityID": "CVE-2023-29491", "PkgID": "libncursesw6@6.2+20201114-2+deb11u1", "PkgName": "libncursesw6", "InstalledVersion": "6.2+20201114-2+deb11u1", + "Status": "affected", "Layer": { "DiffID": "sha256:fd288e5dc11107870eac2899f7bd3777556835c371411d5bfb2eea2572a7cbf2" }, @@ -172,6 +247,7 @@ "PkgID": "libpython3.9-minimal@3.9.2-1", "PkgName": "libpython3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:2b66cde7d0cfbda919a0c334aa0e96e1f702a1dde1656f1075ce3d50aab562d9" }, @@ -232,6 +308,7 @@ "PkgID": "libpython3.9-minimal@3.9.2-1", "PkgName": "libpython3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:2b66cde7d0cfbda919a0c334aa0e96e1f702a1dde1656f1075ce3d50aab562d9" }, @@ -321,6 +398,7 @@ "PkgID": "libpython3.9-minimal@3.9.2-1", "PkgName": "libpython3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:2b66cde7d0cfbda919a0c334aa0e96e1f702a1dde1656f1075ce3d50aab562d9" }, @@ -397,6 +475,7 @@ "PkgID": "libpython3.9-minimal@3.9.2-1", "PkgName": "libpython3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:2b66cde7d0cfbda919a0c334aa0e96e1f702a1dde1656f1075ce3d50aab562d9" }, 
@@ -477,6 +556,7 @@ "PkgID": "libpython3.9-minimal@3.9.2-1", "PkgName": "libpython3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:2b66cde7d0cfbda919a0c334aa0e96e1f702a1dde1656f1075ce3d50aab562d9" }, @@ -533,6 +613,7 @@ "PkgID": "libpython3.9-minimal@3.9.2-1", "PkgName": "libpython3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:2b66cde7d0cfbda919a0c334aa0e96e1f702a1dde1656f1075ce3d50aab562d9" }, @@ -594,6 +675,7 @@ "PkgID": "libpython3.9-minimal@3.9.2-1", "PkgName": "libpython3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:2b66cde7d0cfbda919a0c334aa0e96e1f702a1dde1656f1075ce3d50aab562d9" }, @@ -679,6 +761,7 @@ "PkgID": "libpython3.9-minimal@3.9.2-1", "PkgName": "libpython3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:2b66cde7d0cfbda919a0c334aa0e96e1f702a1dde1656f1075ce3d50aab562d9" }, @@ -717,7 +800,7 @@ "https://github.com/python/cpython/pull/99421", "https://github.com/python/cpython/pull/99446 (backport for 3.11 branch)", "https://linux.oracle.com/cve/CVE-2023-24329.html", - "https://linux.oracle.com/errata/ELSA-2023-3781.html", + "https://linux.oracle.com/errata/ELSA-2023-3811.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/", 
@@ -748,13 +831,14 @@ "https://www.cve.org/CVERecord?id=CVE-2023-24329" ], "PublishedDate": "2023-02-17T15:15:00Z", - "LastModifiedDate": "2023-06-16T04:15:00Z" + "LastModifiedDate": "2023-08-02T16:19:00Z" }, { "VulnerabilityID": "CVE-2021-3426", "PkgID": "libpython3.9-minimal@3.9.2-1", "PkgName": "libpython3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:2b66cde7d0cfbda919a0c334aa0e96e1f702a1dde1656f1075ce3d50aab562d9" }, @@ -818,6 +902,7 @@ "PkgID": "libpython3.9-minimal@3.9.2-1", "PkgName": "libpython3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:2b66cde7d0cfbda919a0c334aa0e96e1f702a1dde1656f1075ce3d50aab562d9" }, @@ -883,6 +968,7 @@ "PkgID": "libpython3.9-minimal@3.9.2-1", "PkgName": "libpython3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:2b66cde7d0cfbda919a0c334aa0e96e1f702a1dde1656f1075ce3d50aab562d9" }, @@ -950,6 +1036,7 @@ "PkgID": "libpython3.9-minimal@3.9.2-1", "PkgName": "libpython3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:2b66cde7d0cfbda919a0c334aa0e96e1f702a1dde1656f1075ce3d50aab562d9" }, @@ -996,6 +1083,7 @@ "PkgID": "libpython3.9-stdlib@3.9.2-1", "PkgName": "libpython3.9-stdlib", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e647281aeda207430048571c138604d8fcb88a8228cf3bab08e20602ff510002" }, @@ -1056,6 +1144,7 @@ "PkgID": "libpython3.9-stdlib@3.9.2-1", "PkgName": "libpython3.9-stdlib", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e647281aeda207430048571c138604d8fcb88a8228cf3bab08e20602ff510002" }, @@ -1145,6 +1234,7 @@ "PkgID": "libpython3.9-stdlib@3.9.2-1", "PkgName": "libpython3.9-stdlib", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e647281aeda207430048571c138604d8fcb88a8228cf3bab08e20602ff510002" }, 
@@ -1221,6 +1311,7 @@ "PkgID": "libpython3.9-stdlib@3.9.2-1", "PkgName": "libpython3.9-stdlib", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e647281aeda207430048571c138604d8fcb88a8228cf3bab08e20602ff510002" }, @@ -1301,6 +1392,7 @@ "PkgID": "libpython3.9-stdlib@3.9.2-1", "PkgName": "libpython3.9-stdlib", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e647281aeda207430048571c138604d8fcb88a8228cf3bab08e20602ff510002" }, @@ -1357,6 +1449,7 @@ "PkgID": "libpython3.9-stdlib@3.9.2-1", "PkgName": "libpython3.9-stdlib", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e647281aeda207430048571c138604d8fcb88a8228cf3bab08e20602ff510002" }, @@ -1418,6 +1511,7 @@ "PkgID": "libpython3.9-stdlib@3.9.2-1", "PkgName": "libpython3.9-stdlib", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e647281aeda207430048571c138604d8fcb88a8228cf3bab08e20602ff510002" }, @@ -1503,6 +1597,7 @@ "PkgID": "libpython3.9-stdlib@3.9.2-1", "PkgName": "libpython3.9-stdlib", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e647281aeda207430048571c138604d8fcb88a8228cf3bab08e20602ff510002" }, @@ -1541,7 +1636,7 @@ "https://github.com/python/cpython/pull/99421", "https://github.com/python/cpython/pull/99446 (backport for 3.11 branch)", "https://linux.oracle.com/cve/CVE-2023-24329.html", - "https://linux.oracle.com/errata/ELSA-2023-3781.html", + "https://linux.oracle.com/errata/ELSA-2023-3811.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/", 
@@ -1572,13 +1667,14 @@ "https://www.cve.org/CVERecord?id=CVE-2023-24329" ], "PublishedDate": "2023-02-17T15:15:00Z", - "LastModifiedDate": "2023-06-16T04:15:00Z" + "LastModifiedDate": "2023-08-02T16:19:00Z" }, { "VulnerabilityID": "CVE-2021-3426", "PkgID": "libpython3.9-stdlib@3.9.2-1", "PkgName": "libpython3.9-stdlib", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e647281aeda207430048571c138604d8fcb88a8228cf3bab08e20602ff510002" }, @@ -1642,6 +1738,7 @@ "PkgID": "libpython3.9-stdlib@3.9.2-1", "PkgName": "libpython3.9-stdlib", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e647281aeda207430048571c138604d8fcb88a8228cf3bab08e20602ff510002" }, @@ -1707,6 +1804,7 @@ "PkgID": "libpython3.9-stdlib@3.9.2-1", "PkgName": "libpython3.9-stdlib", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e647281aeda207430048571c138604d8fcb88a8228cf3bab08e20602ff510002" }, @@ -1774,6 +1872,7 @@ "PkgID": "libpython3.9-stdlib@3.9.2-1", "PkgName": "libpython3.9-stdlib", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e647281aeda207430048571c138604d8fcb88a8228cf3bab08e20602ff510002" }, @@ -1820,6 +1919,7 @@ "PkgID": "libsqlite3-0@3.34.1-3", "PkgName": "libsqlite3-0", "InstalledVersion": "3.34.1-3", + "Status": "affected", "Layer": { "DiffID": "sha256:0361602fcfc1e5e1da3c9fa364f84e56c0c963cf7407a8db8e6c47595b1985f2" }, 
@@ -1860,11 +1960,103 @@ "PublishedDate": "2023-05-09T02:15:00Z", "LastModifiedDate": "2023-06-09T08:15:00Z" }, + { + "VulnerabilityID": "CVE-2023-3446", + "PkgID": "libssl1.1@1.1.1n-0+deb11u5", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1n-0+deb11u5", + "Status": "fix_deferred", + "Layer": { + "DiffID": "sha256:990271342518f9e64c2403a07d928eb42d8676831ee8fd1b3dc3b62da7a1d162" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3446", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Excessive time spent checking DH keys and parameters", + "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\n\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. 
Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the '-check' option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1333" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/07/19/4", + "http://www.openwall.com/lists/oss-security/2023/07/19/5", + "http://www.openwall.com/lists/oss-security/2023/07/19/6", + "http://www.openwall.com/lists/oss-security/2023/07/31/1", + "https://access.redhat.com/security/cve/CVE-2023-3446", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3446", + "https://security.netapp.com/advisory/ntap-20230803-0011/", + 
"https://www.cve.org/CVERecord?id=CVE-2023-3446", + "https://www.openssl.org/news/secadv/20230719.txt" + ], + "PublishedDate": "2023-07-19T12:15:00Z", + "LastModifiedDate": "2023-08-03T15:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3817", + "PkgID": "libssl1.1@1.1.1n-0+deb11u5", + "PkgName": "libssl1.1", + "InstalledVersion": "1.1.1n-0+deb11u5", + "Status": "fix_deferred", + "Layer": { + "DiffID": "sha256:990271342518f9e64c2403a07d928eb42d8676831ee8fd1b3dc3b62da7a1d162" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3817", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Excessive time spent checking DH q parameter value", + "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. 
A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2023/Jul/43", + "http://www.openwall.com/lists/oss-security/2023/07/31/1", + "https://access.redhat.com/security/cve/CVE-2023-3817", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3817", + "https://www.cve.org/CVERecord?id=CVE-2023-3817", + "https://www.openssl.org/news/secadv/20230731.txt" + ], + "PublishedDate": "2023-07-31T16:15:00Z", + "LastModifiedDate": "2023-08-01T11:15:00Z" + }, { "VulnerabilityID": "CVE-2023-29491", "PkgID": "libtinfo6@6.2+20201114-2+deb11u1", "PkgName": 
"libtinfo6", "InstalledVersion": "6.2+20201114-2+deb11u1", + "Status": "affected", "Layer": { "DiffID": "sha256:0e24676df88c8a6bcf6a270973214fdee7130182aa3d66fd6ead477979b41d5f" }, 
@@ -1908,11 +2100,103 @@ "PublishedDate": "2023-04-14T01:15:00Z", "LastModifiedDate": "2023-05-17T20:15:00Z" }, + { + "VulnerabilityID": "CVE-2023-3446", + "PkgID": "openssl@1.1.1n-0+deb11u5", + "PkgName": "openssl", + "InstalledVersion": "1.1.1n-0+deb11u5", + "Status": "fix_deferred", + "Layer": { + "DiffID": "sha256:3a8250aec45920023b976f34f260e7c4497e2ca3040c80103372808a021bf97c" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3446", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Excessive time spent checking DH keys and parameters", + "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\n\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. 
Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the '-check' option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1333" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/07/19/4", + "http://www.openwall.com/lists/oss-security/2023/07/19/5", + "http://www.openwall.com/lists/oss-security/2023/07/19/6", + "http://www.openwall.com/lists/oss-security/2023/07/31/1", + "https://access.redhat.com/security/cve/CVE-2023-3446", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3446", + "https://security.netapp.com/advisory/ntap-20230803-0011/", + 
"https://www.cve.org/CVERecord?id=CVE-2023-3446", + "https://www.openssl.org/news/secadv/20230719.txt" + ], + "PublishedDate": "2023-07-19T12:15:00Z", + "LastModifiedDate": "2023-08-03T15:15:00Z" + }, + { + "VulnerabilityID": "CVE-2023-3817", + "PkgID": "openssl@1.1.1n-0+deb11u5", + "PkgName": "openssl", + "InstalledVersion": "1.1.1n-0+deb11u5", + "Status": "fix_deferred", + "Layer": { + "DiffID": "sha256:3a8250aec45920023b976f34f260e7c4497e2ca3040c80103372808a021bf97c" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3817", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Title": "Excessive time spent checking DH q parameter value", + "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. 
A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", + "Severity": "MEDIUM", + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2023/Jul/43", + "http://www.openwall.com/lists/oss-security/2023/07/31/1", + "https://access.redhat.com/security/cve/CVE-2023-3817", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3817", + "https://www.cve.org/CVERecord?id=CVE-2023-3817", + "https://www.openssl.org/news/secadv/20230731.txt" + ], + "PublishedDate": "2023-07-31T16:15:00Z", + "LastModifiedDate": "2023-08-01T11:15:00Z" + }, { "VulnerabilityID": "CVE-2021-29921", "PkgID": "python3.9-minimal@3.9.2-1", "PkgName": 
"python3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e0ec835c1f88840979da9a3ea10e58ca594d79d44d4e4871cc2e5043eaaa83b8" }, @@ -1973,6 +2257,7 @@ "PkgID": "python3.9-minimal@3.9.2-1", "PkgName": "python3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e0ec835c1f88840979da9a3ea10e58ca594d79d44d4e4871cc2e5043eaaa83b8" }, @@ -2062,6 +2347,7 @@ "PkgID": "python3.9-minimal@3.9.2-1", "PkgName": "python3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e0ec835c1f88840979da9a3ea10e58ca594d79d44d4e4871cc2e5043eaaa83b8" }, @@ -2138,6 +2424,7 @@ "PkgID": "python3.9-minimal@3.9.2-1", "PkgName": "python3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e0ec835c1f88840979da9a3ea10e58ca594d79d44d4e4871cc2e5043eaaa83b8" }, @@ -2218,6 +2505,7 @@ "PkgID": "python3.9-minimal@3.9.2-1", "PkgName": "python3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e0ec835c1f88840979da9a3ea10e58ca594d79d44d4e4871cc2e5043eaaa83b8" }, @@ -2274,6 +2562,7 @@ "PkgID": "python3.9-minimal@3.9.2-1", "PkgName": "python3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e0ec835c1f88840979da9a3ea10e58ca594d79d44d4e4871cc2e5043eaaa83b8" }, @@ -2335,6 +2624,7 @@ "PkgID": "python3.9-minimal@3.9.2-1", "PkgName": "python3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e0ec835c1f88840979da9a3ea10e58ca594d79d44d4e4871cc2e5043eaaa83b8" }, @@ -2420,6 +2710,7 @@ "PkgID": "python3.9-minimal@3.9.2-1", "PkgName": "python3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e0ec835c1f88840979da9a3ea10e58ca594d79d44d4e4871cc2e5043eaaa83b8" }, 
@@ -2458,7 +2749,7 @@ "https://github.com/python/cpython/pull/99421", "https://github.com/python/cpython/pull/99446 (backport for 3.11 branch)", "https://linux.oracle.com/cve/CVE-2023-24329.html", - "https://linux.oracle.com/errata/ELSA-2023-3781.html", + "https://linux.oracle.com/errata/ELSA-2023-3811.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/", @@ -2489,13 +2780,14 @@ "https://www.cve.org/CVERecord?id=CVE-2023-24329" ], "PublishedDate": "2023-02-17T15:15:00Z", - "LastModifiedDate": "2023-06-16T04:15:00Z" + "LastModifiedDate": "2023-08-02T16:19:00Z" }, { "VulnerabilityID": "CVE-2021-3426", "PkgID": "python3.9-minimal@3.9.2-1", "PkgName": "python3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e0ec835c1f88840979da9a3ea10e58ca594d79d44d4e4871cc2e5043eaaa83b8" }, @@ -2559,6 +2851,7 @@ "PkgID": "python3.9-minimal@3.9.2-1", "PkgName": "python3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e0ec835c1f88840979da9a3ea10e58ca594d79d44d4e4871cc2e5043eaaa83b8" }, @@ -2624,6 +2917,7 @@ "PkgID": "python3.9-minimal@3.9.2-1", "PkgName": "python3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e0ec835c1f88840979da9a3ea10e58ca594d79d44d4e4871cc2e5043eaaa83b8" }, @@ -2691,6 +2985,7 @@ "PkgID": "python3.9-minimal@3.9.2-1", "PkgName": "python3.9-minimal", "InstalledVersion": "3.9.2-1", + "Status": "affected", "Layer": { "DiffID": "sha256:e0ec835c1f88840979da9a3ea10e58ca594d79d44d4e4871cc2e5043eaaa83b8" }, 
@@ -2739,15 +3034,118 @@ "Class": "lang-pkgs", "Type": "python-pkg", "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-37276", + "PkgName": "aiohttp", + "PkgPath": "cowrie/cowrie-env/lib/python3.9/site-packages/aiohttp-3.8.4.dist-info/METADATA", + "InstalledVersion": "3.8.4", + "Status": "affected", + "Layer": { + "DiffID": "sha256:a0c7fe8cccf1220a289d039578e1f3589b9c71f97ac06c3d9f8018fea984ed4c" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-37276", + "DataSource": { + "ID": "osv", + "Name": "Python Packaging Advisory Database", + "URL": "https://github.com/pypa/advisory-db" + }, + "Title": "HTTP request smuggling via llhttp HTTP request parser", + "Description": "aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an HTTP server (ie `aiohttp.Application`), you are not affected by this vulnerability if you are using aiohttp as an HTTP client library (ie `aiohttp.ClientSession`). Sending a crafted HTTP request will cause the server to misinterpret one of the HTTP header values leading to HTTP request smuggling. This issue has been addressed in version 3.8.5. Users are advised to upgrade. Users unable to upgrade can reinstall aiohttp using `AIOHTTP_NO_EXTENSIONS=1` as an environment variable to disable the llhttp HTTP request parser implementation. 
The pure Python implementation isn't vulnerable.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-37276", + "https://github.com/advisories/GHSA-45c4-8wx5-qw6w", + "https://github.com/aio-libs/aiohttp", + "https://github.com/aio-libs/aiohttp/blob/v3.8.4/.gitmodules", + "https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40", + "https://github.com/aio-libs/aiohttp/commit/9c13a52c21c23dfdb49ed89418d28a5b116d0681", + "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w", + "https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-120.yaml", + "https://hackerone.com/reports/2001873", + "https://nvd.nist.gov/vuln/detail/CVE-2023-37276", + "https://www.cve.org/CVERecord?id=CVE-2023-37276" + ], + "PublishedDate": "2023-07-19T20:15:00Z", + "LastModifiedDate": "2023-07-28T15:55:00Z" + }, + { + "VulnerabilityID": "CVE-2023-37920", + "PkgName": "certifi", + "PkgPath": "cowrie/cowrie-env/lib/python3.9/site-packages/certifi-2023.5.7.dist-info/METADATA", + "InstalledVersion": "2023.5.7", + "FixedVersion": "2023.7.22", + "Status": "fixed", + "Layer": { + "DiffID": "sha256:a0c7fe8cccf1220a289d039578e1f3589b9c71f97ac06c3d9f8018fea984ed4c" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-37920", + "DataSource": { + "ID": "osv", + "Name": "Python Packaging Advisory Database", + "URL": "https://github.com/pypa/advisory-db" + }, + "Title": "Removal of e-Tugra root certificate", + "Description": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates 
while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes \"e-Tugra\" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from \"e-Tugra\" from the root store.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-345" + ], + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-37920", + "https://github.com/advisories/GHSA-xqr8-7jwr-rhp7", + "https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909", + "https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7", + "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A", + "https://nvd.nist.gov/vuln/detail/CVE-2023-37920", + "https://www.cve.org/CVERecord?id=CVE-2023-37920" + ], + "PublishedDate": "2023-07-25T21:15:00Z", + "LastModifiedDate": "2023-08-03T16:19:00Z" + }, { "VulnerabilityID": "CVE-2023-38325", "PkgName": "cryptography", "PkgPath": "cowrie/cowrie-env/lib/python3.9/site-packages/cryptography-41.0.1.dist-info/METADATA", "InstalledVersion": "41.0.1", "FixedVersion": "41.0.2", + "Status": "fixed", "Layer": { "DiffID": "sha256:a0c7fe8cccf1220a289d039578e1f3589b9c71f97ac06c3d9f8018fea984ed4c" }, + "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-38325", "DataSource": { "ID": "osv", 
@@ -2756,7 +3154,16 @@ }, "Title": "cryptography mishandles SSH certificates", "Description": "The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.", - "Severity": "MEDIUM", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, "References": [ "https://github.com/advisories/GHSA-cf7p-gm2m-833m", "https://github.com/pyca/cryptography/commit/1ca7adc97b76a9dfbd3d850628b613eb93b78fc3", @@ -2767,7 +3174,7 @@ "https://pypi.org/project/cryptography/#history" ], "PublishedDate": "2023-07-14T20:15:00Z", - "LastModifiedDate": "2023-07-14T20:15:00Z" + "LastModifiedDate": "2023-08-01T18:21:00Z" } ] }, diff --git a/honeyscanner/passive_attacks/results/all_cves.txt b/honeyscanner/passive_attacks/results/all_cves.txt index f2ace5f..0845bd2 100644 --- a/honeyscanner/passive_attacks/results/all_cves.txt +++ b/honeyscanner/passive_attacks/results/all_cves.txt 
@@ -493,3 +493,171 @@ CVE-2010-0013 CVE-2008-5748 CVE-2009-1936 CVE-2004-0325 +CVE-2023-0217 +CVE-2022-3996 +CVE-2022-4203 +CVE-2023-0401 +CVE-2023-0215 +CVE-2023-0286 +CVE-2022-4304 +CVE-2023-0216 +CVE-2022-4450 +CVE-2023-2650 +CVE-2023-38325 +CVE-2023-23931 +CVE-2022-29519 +CVE-2022-30312 +CVE-2022-31204 +CVE-2002-1949 +CVE-2008-4122 +CVE-2008-3289 +CVE-2008-4390 +CVE-2007-5626 +CVE-2004-1852 +CVE-2008-0374 +CVE-2007-4961 +CVE-2007-4786 +CVE-2005-3140 +CVE-2022-30273 +CVE-2022-30320 +CVE-2008-3775 +CVE-2007-4150 +CVE-2007-5460 +CVE-2005-4860 +CVE-2002-2058 +CVE-2008-3188 +CVE-2005-2946 +CVE-2007-6013 +CVE-2019-12799 +CVE-2015-8103 +CVE-2015-4852 +CVE-2013-1465 +CVE-2012-3527 +CVE-2012-0911 +CVE-2011-2520 +CVE-2012-4406 +CVE-2003-0791 +CVE-2019-12496 +CVE-2014-1266 +CVE-2021-22909 +CVE-2008-4989 +CVE-2012-5821 +CVE-2009-3046 +CVE-2011-0199 +CVE-2012-5810 +CVE-2012-3446 +CVE-2009-2408 +CVE-2012-2993 +CVE-2012-5822 +CVE-2012-5819 +CVE-2012-5817 +CVE-2010-1378 +CVE-2005-3170 +CVE-2009-0265 +CVE-2003-1229 +CVE-2002-0862 +CVE-2009-1358 +CVE-2022-21668 +CVE-2020-7218 +CVE-2020-3566 +CVE-2009-2874 +CVE-2009-1928 +CVE-2009-2858 +CVE-2009-2726 +CVE-2009-2540 +CVE-2009-2299 +CVE-2009-2054 +CVE-2008-5180 +CVE-2008-2121 +CVE-2008-2122 +CVE-2008-1700 +CVE-2007-4103 +CVE-2006-1173 +CVE-2007-0897 +CVE-2021-42258 +CVE-2021-27101 +CVE-2020-12271 +CVE-2019-3792 +CVE-2004-0366 +CVE-2008-2790 +CVE-2008-2223 +CVE-2007-6602 +CVE-2008-5817 +CVE-2003-0377 +CVE-2008-2380 +CVE-2017-11508 +CVE-2001-1546 +CVE-2004-2172 +CVE-2002-1682 +CVE-2002-1697 +CVE-2002-1739 +CVE-2005-2281 +CVE-2002-1872 +CVE-2002-1910 +CVE-2002-1946 +CVE-2002-1975 +CVE-2020-10987 +CVE-2020-10221 +CVE-2020-9054 +CVE-1999-0067 +CVE-2001-1246 +CVE-2002-0061 +CVE-2003-0041 +CVE-2008-2575 +CVE-2002-1898 +CVE-2008-4304 +CVE-2008-4796 +CVE-2007-3572 +CVE-2012-1988 +CVE-2022-1304 +CVE-2019-8457 +CVE-2023-36054 +CVE-2023-36054 +CVE-2023-36054 +CVE-2023-36054 +CVE-2023-29491 +CVE-2021-29921 +CVE-2015-20107 +CVE-2020-10735 
+CVE-2021-3737 +CVE-2022-0391 +CVE-2022-42919 +CVE-2022-45061 +CVE-2023-24329 +CVE-2021-3426 +CVE-2021-3733 +CVE-2021-4189 +CVE-2023-27043 +CVE-2021-29921 +CVE-2015-20107 +CVE-2020-10735 +CVE-2021-3737 +CVE-2022-0391 +CVE-2022-42919 +CVE-2022-45061 +CVE-2023-24329 +CVE-2021-3426 +CVE-2021-3733 +CVE-2021-4189 +CVE-2023-27043 +CVE-2021-31239 +CVE-2023-3446 +CVE-2023-3817 +CVE-2023-29491 +CVE-2023-3446 +CVE-2023-3817 +CVE-2021-29921 +CVE-2015-20107 +CVE-2020-10735 +CVE-2021-3737 +CVE-2022-0391 +CVE-2022-42919 +CVE-2022-45061 +CVE-2023-24329 +CVE-2021-3426 +CVE-2021-3733 +CVE-2021-4189 +CVE-2023-27043 +CVE-2023-37276 +CVE-2023-37920 +CVE-2023-38325 diff --git a/honeyscanner/passive_attacks/vuln_analyzer/analysis_results/cowrie-v2.5.0-vulnerabilities.json b/honeyscanner/passive_attacks/vuln_analyzer/analysis_results/cowrie-v2.5.0-vulnerabilities.json index 36d9726..3f5d2bb 100644 --- a/honeyscanner/passive_attacks/vuln_analyzer/analysis_results/cowrie-v2.5.0-vulnerabilities.json +++ b/honeyscanner/passive_attacks/vuln_analyzer/analysis_results/cowrie-v2.5.0-vulnerabilities.json @@ -5,8 +5,8 @@ "name": "cryptography", "installed_version": "39.0.0", "affected_versions": "<39.0.1", - "cve": "CVE-2023-0215", - "vulnerability_id": "pyup.io-53305", + "cve": "CVE-2023-0217", + "vulnerability_id": "pyup.io-53306", "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", "cvss_score": 7.5 }, 
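Review bot: The IDs appended to all_cves.txt contain repeats: `CVE-2023-36054` is added four times in a row, the twelve-ID run from `CVE-2021-29921` to `CVE-2023-27043` appears three times, and `CVE-2023-38325` is added both near the top of the hunk and as its last line. Anything that counts or iterates over this file will overstate the number of distinct findings and repeat per-CVE work. The code that writes the list is not visible in this hunk. It should collapse duplicates before writing, for example with an order-preserving `list(dict.fromkeys(...))` over the collected IDs, and the file should then be regenerated.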
@@ -14,35 +14,35 @@ "name": "cryptography", "installed_version": "39.0.0", "affected_versions": "<39.0.1", - "cve": "CVE-2023-0401", - "vulnerability_id": "pyup.io-53307", - "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", + "cve": "CVE-2022-3996", + "vulnerability_id": "pyup.io-53298", + "advisory": "Cryptography 39.0.1 includes a fix for CVE-2022-3996, a DoS vulnerability affecting openssl.\r\nhttps://github.com/pyca/cryptography/issues/7940", "cvss_score": 7.5 }, { "name": "cryptography", "installed_version": "39.0.0", "affected_versions": "<39.0.1", - "cve": "CVE-2023-0217", - "vulnerability_id": "pyup.io-53306", + "cve": "CVE-2022-4203", + "vulnerability_id": "pyup.io-53301", "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", - "cvss_score": 7.5 + "cvss_score": 4.9 }, { "name": "cryptography", "installed_version": "39.0.0", "affected_versions": "<39.0.1", - "cve": "CVE-2022-3996", - "vulnerability_id": "pyup.io-53298", - "advisory": "Cryptography 39.0.1 includes a fix for CVE-2022-3996, a DoS vulnerability affecting openssl.\r\nhttps://github.com/pyca/cryptography/issues/7940", + "cve": "CVE-2023-0401", + "vulnerability_id": "pyup.io-53307", + "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", "cvss_score": 7.5 }, { "name": "cryptography", "installed_version": "39.0.0", "affected_versions": "<39.0.1", - "cve": "CVE-2023-0216", - "vulnerability_id": "pyup.io-53302", + "cve": "CVE-2023-0215", + "vulnerability_id": "pyup.io-53305", "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", "cvss_score": 7.5 }, 
@@ -50,10 +50,10 @@ "name": "cryptography", "installed_version": "39.0.0", "affected_versions": "<39.0.1", - "cve": "CVE-2022-4203", - "vulnerability_id": "pyup.io-53301", + "cve": "CVE-2023-0286", + "vulnerability_id": "pyup.io-53304", "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", - "cvss_score": 4.9 + "cvss_score": null }, { "name": "cryptography", @@ -62,16 +62,16 @@ "cve": "CVE-2022-4304", "vulnerability_id": "pyup.io-53303", "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", - "cvss_score": 5.9 + "cvss_score": null }, { "name": "cryptography", "installed_version": "39.0.0", "affected_versions": "<39.0.1", - "cve": "CVE-2023-0286", - "vulnerability_id": "pyup.io-53304", + "cve": "CVE-2023-0216", + "vulnerability_id": "pyup.io-53302", "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", - "cvss_score": 7.4 + "cvss_score": null }, { "name": "cryptography", @@ -80,7 +80,7 @@ "cve": "CVE-2022-4450", "vulnerability_id": "pyup.io-53299", "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", - "cvss_score": 7.5 + "cvss_score": null }, { "name": "cryptography", 
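Review bot: Several entries in this file lose a score they had before the commit, because `"cvss_score": null` replaces a numeric value: CVE-2023-0286 (was 7.4) and CVE-2022-4304 (was 5.9) in these hunks, CVE-2022-4450 (was 7.5) in the `@@ -80,7` hunk, and CVE-2023-2650 (7.5) and CVE-2023-23931 (6.5) in the last two hunks of the file. A report that sorts or filters on this field can drop or under-rank these findings, since a null is easily read as "no severity". The cause is presumably a failed or skipped score lookup in the analyzer, which is outside these hunks. Keep the known values, e.g. `"cvss_score": 5.9` for CVE-2022-4304, and have the analyzer treat a missing score as an explicit "unavailable" state that the report surfaces rather than ranking it lowest.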
@@ -89,7 +89,16 @@ "cve": "CVE-2023-2650", "vulnerability_id": "pyup.io-59062", "advisory": "Cryptography 41.0.0 updates its dependency 'OpenSSL' to v3.1.1 to include a security fix.\r\nhttps://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22", - "cvss_score": 7.5 + "cvss_score": null + }, + { + "name": "cryptography", + "installed_version": "39.0.0", + "affected_versions": "<41.0.2", + "cve": "CVE-2023-38325", + "vulnerability_id": "pyup.io-59473", + "advisory": "The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.", + "cvss_score": null }, { "name": "cryptography", @@ -98,7 +107,7 @@ "cve": "CVE-2023-23931", "vulnerability_id": "pyup.io-53048", "advisory": "Cryptography 39.0.1 includes a fix for CVE-2023-23931: In affected versions 'Cipher.update_into' would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as 'bytes') to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This issue has been present since 'update_into' was originally introduced in cryptography 1.8.\r\nhttps://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r", - "cvss_score": 6.5 + "cvss_score": null } ] } diff --git a/honeyscanner/passive_attacks/vuln_analyzer/vuln_database/insecure_full.json b/honeyscanner/passive_attacks/vuln_analyzer/vuln_database/insecure_full.json index 937e613..9bd8e5c 100644 --- a/honeyscanner/passive_attacks/vuln_analyzer/vuln_database/insecure_full.json +++ b/honeyscanner/passive_attacks/vuln_analyzer/vuln_database/insecure_full.json @@ -2,7 +2,7 @@ "$meta": { "advisory": "PyUp.io metadata", "base_domain": "https://pyup.io", - "timestamp": 1688191233 + "timestamp": 1690869637 }, "10cent10": [ { 
@@ -469,16 +469,6 @@ } ], "ai-python": [ - { - "advisory": "Ai-python 0.8.1 updates its dependency 'tensorflow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41213", - "id": "pyup.io-43062", - "more_info_path": "/vulnerabilities/CVE-2021-41213/43062", - "specs": [ - "<0.8.1" - ], - "v": "<0.8.1" - }, { "advisory": "Ai-python 0.8.1 updates its dependency 'pillow' to v8.3.2 to include security fixes.", "cve": "CVE-2021-23437", @@ -589,6 +579,26 @@ ], "v": "<0.8.1" }, + { + "advisory": "Ai-python 0.8.1 updates its dependency 'tensorflow' to v2.6.1 to include security fixes.", + "cve": "CVE-2021-41206", + "id": "pyup.io-43072", + "more_info_path": "/vulnerabilities/CVE-2021-41206/43072", + "specs": [ + "<0.8.1" + ], + "v": "<0.8.1" + }, + { + "advisory": "Ai-python 0.8.1 updates its dependency 'tensorflow' to v2.6.1 to include security fixes.", + "cve": "CVE-2021-41201", + "id": "pyup.io-43077", + "more_info_path": "/vulnerabilities/CVE-2021-41201/43077", + "specs": [ + "<0.8.1" + ], + "v": "<0.8.1" + }, { "advisory": "Ai-python 0.8.1 updates its dependency 'tensorflow' to v2.6.1 to include security fixes.", "cve": "CVE-2021-41197", @@ -801,19 +811,9 @@ }, { "advisory": "Ai-python 0.8.1 updates its dependency 'tensorflow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41206", - "id": "pyup.io-43072", - "more_info_path": "/vulnerabilities/CVE-2021-41206/43072", - "specs": [ - "<0.8.1" - ], - "v": "<0.8.1" - }, - { - "advisory": "Ai-python 0.8.1 updates its dependency 'tensorflow' to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41201", - "id": "pyup.io-43077", - "more_info_path": "/vulnerabilities/CVE-2021-41201/43077", + "cve": "CVE-2021-41213", + "id": "pyup.io-43062", + "more_info_path": "/vulnerabilities/CVE-2021-41213/43062", "specs": [ "<0.8.1" ], 
@@ -875,9 +875,9 @@ }, { "advisory": "Aiida-core 1.6.5 updates 'PyYAML' to v5.4 to fix critical security issues.", - "cve": "CVE-2020-1747", - "id": "pyup.io-43457", - "more_info_path": "/vulnerabilities/CVE-2020-1747/43457", + "cve": "CVE-2020-14343", + "id": "pyup.io-43458", + "more_info_path": "/vulnerabilities/CVE-2020-14343/43458", "specs": [ "<1.6.5" ], @@ -885,9 +885,9 @@ }, { "advisory": "Aiida-core 1.6.5 updates 'PyYAML' to v5.4 to fix critical security issues.", - "cve": "CVE-2020-14343", - "id": "pyup.io-43458", - "more_info_path": "/vulnerabilities/CVE-2020-14343/43458", + "cve": "CVE-2020-1747", + "id": "pyup.io-43457", + "more_info_path": "/vulnerabilities/CVE-2020-1747/43457", "specs": [ "<1.6.5" ], @@ -907,9 +907,9 @@ "aim": [ { "advisory": "Aim 1.2.13 updates its dependency 'pillow' to v6.2.2 to include security fixes.", - "cve": "CVE-2020-5313", - "id": "pyup.io-48615", - "more_info_path": "/vulnerabilities/CVE-2020-5313/48615", + "cve": "CVE-2020-5311", + "id": "pyup.io-48613", + "more_info_path": "/vulnerabilities/CVE-2020-5311/48613", "specs": [ "<1.2.13" ], @@ -917,9 +917,9 @@ }, { "advisory": "Aim 1.2.13 updates its dependency 'pillow' to v6.2.2 to include security fixes.", - "cve": "CVE-2020-5311", - "id": "pyup.io-48613", - "more_info_path": "/vulnerabilities/CVE-2020-5311/48613", + "cve": "CVE-2020-5313", + "id": "pyup.io-48615", + "more_info_path": "/vulnerabilities/CVE-2020-5313/48615", "specs": [ "<1.2.13" ], 
@@ -966,6 +966,18 @@ "v": ">=0,<3.1.0" } ], + "aio-pika": [ + { + "advisory": "Aio-pika 9.1.5 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/mosquito/aio-pika/pull/566", + "cve": "PVE-2023-59901", + "id": "pyup.io-59901", + "more_info_path": "/vulnerabilities/PVE-2023-59901/59901", + "specs": [ + "<9.1.5" + ], + "v": "<9.1.5" + } + ], "aioapns": [ { "advisory": "Certificate hostname validation in aioapns version 1.10 is enabled by default for security reasons. It can be turned off by using no_cert_validation option.", @@ -1044,6 +1056,16 @@ "<3.8.0" ], "v": "<3.8.0" + }, + { + "advisory": "Aiohttp 3.8.5 includes a fix for CVE-2023-37276: Sending a crafted HTTP request will cause the server to misinterpret one of the HTTP header values leading to HTTP request smuggling.\r\nhttps://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40\r\nhttps://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w", + "cve": "CVE-2023-37276", + "id": "pyup.io-59725", + "more_info_path": "/vulnerabilities/CVE-2023-37276/59725", + "specs": [ + "<=3.8.4" + ], + "v": "<=3.8.4" } ], "aiohttp-auth-autz": [ 
@@ -1899,48 +1921,6 @@ "v": ">0,<0" } ], - "ampache": [ - { - "advisory": "Ampache 3.8 fixes an XSS vulnerability.", - "cve": "CVE-2014-8620", - "id": "pyup.io-37865", - "more_info_path": "/vulnerabilities/CVE-2014-8620/37865", - "specs": [ - "<3.8.0" - ], - "v": "<3.8.0" - }, - { - "advisory": "ampache 3.8.2 fixes a potential security vulnerability on smartplaylist search rule and catalog management actions", - "cve": "PVE-2021-37864", - "id": "pyup.io-37864", - "more_info_path": "/vulnerabilities/PVE-2021-37864/37864", - "specs": [ - "<3.8.2" - ], - "v": "<3.8.2" - }, - { - "advisory": "ampache 4.0.0:\r\n* Resolves CVE-2019-12385 for the SQL Injection", - "cve": "CVE-2019-12385", - "id": "pyup.io-37863", - "more_info_path": "/vulnerabilities/CVE-2019-12385/37863", - "specs": [ - "<4.0.0" - ], - "v": "<4.0.0" - }, - { - "advisory": "ampache 4.0.0:\r\n* Resolves CVE-2019-12386 for the persistent XSS\r\n* Resolves NS-18-046 Multiple Reflected Cross-site Scripting Vulnerabilities in Ampache 3.9.0", - "cve": "CVE-2019-12386", - "id": "pyup.io-39602", - "more_info_path": "/vulnerabilities/CVE-2019-12386/39602", - "specs": [ - "<4.0.0" - ], - "v": "<4.0.0" - } - ], "amqtt": [ { "advisory": "Amqtt 0.10.0 includes a security fix: If an attacker could produce a KeyError inside an authentication plugin, the authentication was accepted instead of rejected.\r\nhttps://github.com/Yakifo/amqtt/pull/68", 
@@ -2697,18 +2677,6 @@ ], "v": ">=2.7.0a0,<2.7.17,>=2.8.0a0,<2.8.11,>=2.9.0a0,<2.9.7" }, - { - "advisory": "Ansible versions 2.7.17, 2.8.9 and 2.9.6 include a fix for CVE-2020-1736: A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736", - "cve": "CVE-2020-1736", - "id": "pyup.io-42875", - "more_info_path": "/vulnerabilities/CVE-2020-1736/42875", - "specs": [ - ">=2.7.0a0,<2.7.17", - ">=2.8.0a0,<2.8.9", - ">=2.9.0a0,<2.9.6" - ], - "v": ">=2.7.0a0,<2.7.17,>=2.8.0a0,<2.8.9,>=2.9.0a0,<2.9.6" - }, { "advisory": "Ansible versions 2.7.17, 2.8.9 and 2.9.6 include a fix for CVE-2020-10684: A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10684", "cve": "CVE-2020-10684", 
@@ -2733,6 +2701,18 @@ ], "v": ">=2.7.0a0,<2.7.17,>=2.8.0a0,<2.8.9,>=2.9.0a0,<2.9.6" }, + { + "advisory": "Ansible versions 2.7.17, 2.8.9 and 2.9.6 include a fix for CVE-2020-1736: A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restrictive permissions before the move. This could lead to the disclosure of sensitive data. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736", + "cve": "CVE-2020-1736", + "id": "pyup.io-42875", + "more_info_path": "/vulnerabilities/CVE-2020-1736/42875", + "specs": [ + ">=2.7.0a0,<2.7.17", + ">=2.8.0a0,<2.8.9", + ">=2.9.0a0,<2.9.6" + ], + "v": ">=2.7.0a0,<2.7.17,>=2.8.0a0,<2.8.9,>=2.9.0a0,<2.9.6" + }, { "advisory": "Ansible versions 2.7.17, 2.8.9 and 2.9.6 include a fix for CVE-2020-1739: A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior. When a password is set with the argument \"password\" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.\r\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739", "cve": "CVE-2020-1739", @@ -3008,16 +2988,6 @@ } ], "ansitoimg": [ - { - "advisory": "Ansitoimg 2021.0.1 updates its dependency 'pillow' to a version >= 8.1.1 to include security fixes.", - "cve": "CVE-2021-27922", - "id": "pyup.io-40612", - "more_info_path": "/vulnerabilities/CVE-2021-27922/40612", - "specs": [ - "<2021.0.1" - ], - "v": "<2021.0.1" - }, { "advisory": "Ansitoimg 2021.0.1 updates its dependency 'pillow' to a version >= 8.1.1 to include security fixes.", "cve": "CVE-2020-35655", 
@@ -3067,6 +3037,16 @@ "<2021.0.1" ], "v": "<2021.0.1" + }, + { + "advisory": "Ansitoimg 2021.0.1 updates its dependency 'pillow' to a version >= 8.1.1 to include security fixes.", + "cve": "CVE-2021-27922", + "id": "pyup.io-40612", + "more_info_path": "/vulnerabilities/CVE-2021-27922/40612", + "specs": [ + "<2021.0.1" + ], + "v": "<2021.0.1" } ], "ansys-tools-repo-sync": [ @@ -3121,6 +3101,18 @@ "v": "<0.1.17" } ], + "anthropic": [ + { + "advisory": "Anthropic 0.3.2 updates its dependency 'certifi' to version '2023.5.7' to include a security fix.\r\nhttps://github.com/anthropics/anthropic-sdk-python/pull/51", + "cve": "CVE-2022-23491", + "id": "pyup.io-59254", + "more_info_path": "/vulnerabilities/CVE-2022-23491/59254", + "specs": [ + "<0.3.2" + ], + "v": "<0.3.2" + } + ], "antilles-tools": [ { "advisory": "A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). MITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such as PyPi. The configuration has been updated to only install components built by Antilles, removing all other public package indexes. Additionally, the antilles-tools dependency has been published to PyPi.", 
@@ -3251,20 +3243,20 @@ "v": "<1.10.12" }, { - "advisory": "The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.", - "cve": "CVE-2020-17515", - "id": "pyup.io-42326", - "more_info_path": "/vulnerabilities/CVE-2020-17515/42326", + "advisory": "In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513.", + "cve": "CVE-2020-17513", + "id": "pyup.io-39282", + "more_info_path": "/vulnerabilities/CVE-2020-17513/39282", "specs": [ "<1.10.13" ], "v": "<1.10.13" }, { - "advisory": "In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513.", - "cve": "CVE-2020-17513", - "id": "pyup.io-39282", - "more_info_path": "/vulnerabilities/CVE-2020-17513/39282", + "advisory": "The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.", + "cve": "CVE-2020-17515", + "id": "pyup.io-42326", + "more_info_path": "/vulnerabilities/CVE-2020-17515/42326", "specs": [ "<1.10.13" ], @@ -3340,16 +3332,6 @@ ], "v": "<2.1.2" }, - { - "advisory": "Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes.", - "cve": "CVE-2021-37713", - "id": "pyup.io-48618", - "more_info_path": "/vulnerabilities/CVE-2021-37713/48618", - "specs": [ - "<2.3.0" - ], - "v": "<2.3.0" - }, { "advisory": "Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes.", "cve": "CVE-2021-37701", 
@@ -3381,14 +3363,14 @@ "v": "<2.3.0" }, { - "advisory": "Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2).", - "cve": "PVE-2022-47833", - "id": "pyup.io-49785", - "more_info_path": "/vulnerabilities/PVE-2022-47833/49785", + "advisory": "Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes.", + "cve": "CVE-2021-37713", + "id": "pyup.io-48618", + "more_info_path": "/vulnerabilities/CVE-2021-37713/48618", "specs": [ - "<=2.3.2" + "<2.3.0" ], - "v": "<=2.3.2" + "v": "<2.3.0" }, { "advisory": "Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).", @@ -3400,6 +3382,16 @@ ], "v": "<=2.3.2" }, + { + "advisory": "Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2).", + "cve": "PVE-2022-47833", + "id": "pyup.io-49785", + "more_info_path": "/vulnerabilities/PVE-2022-47833/49785", + "specs": [ + "<=2.3.2" + ], + "v": "<=2.3.2" + }, { "advisory": "Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).", "cve": "CVE-2022-29217", 
@@ -3431,10 +3423,10 @@ "v": ">=0,<1.10.11" }, { - "advisory": "An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the \"classic\" UI.", - "cve": "CVE-2020-9485", - "id": "pyup.io-54204", - "more_info_path": "/vulnerabilities/CVE-2020-9485/54204", + "advisory": "An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.", + "cve": "CVE-2020-11978", + "id": "pyup.io-54349", + "more_info_path": "/vulnerabilities/CVE-2020-11978/54349", "specs": [ ">=0,<1.10.11rc1" ], @@ -3451,10 +3443,10 @@ "v": ">=0,<1.10.11rc1" }, { - "advisory": "An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.", - "cve": "CVE-2020-11978", - "id": "pyup.io-54349", - "more_info_path": "/vulnerabilities/CVE-2020-11978/54349", + "advisory": "An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the \"classic\" UI.", + "cve": "CVE-2020-9485", + "id": "pyup.io-54204", + "more_info_path": "/vulnerabilities/CVE-2020-9485/54204", "specs": [ ">=0,<1.10.11rc1" ], 
@@ -3551,40 +3543,40 @@ "v": ">=0,<1.10.6rc1" }, { - "advisory": "In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.", - "cve": "CVE-2017-17835", - "id": "pyup.io-53948", - "more_info_path": "/vulnerabilities/CVE-2017-17835/53948", + "advisory": "In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all credentials from the system.", + "cve": "CVE-2017-17836", + "id": "pyup.io-53950", + "more_info_path": "/vulnerabilities/CVE-2017-17836/53950", "specs": [ ">=0,<1.9.0" ], "v": ">=0,<1.9.0" }, { - "advisory": "In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.", - "cve": "CVE-2017-15720", - "id": "pyup.io-53938", - "more_info_path": "/vulnerabilities/CVE-2017-15720/53938", + "advisory": "It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above.", + "cve": "CVE-2017-12614", + "id": "pyup.io-53928", + "more_info_path": "/vulnerabilities/CVE-2017-12614/53928", "specs": [ ">=0,<1.9.0" ], "v": ">=0,<1.9.0" }, { - "advisory": "In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. 
An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all credentials from the system.", - "cve": "CVE-2017-17836", - "id": "pyup.io-53950", - "more_info_path": "/vulnerabilities/CVE-2017-17836/53950", + "advisory": "In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.", + "cve": "CVE-2017-17835", + "id": "pyup.io-53948", + "more_info_path": "/vulnerabilities/CVE-2017-17835/53948", "specs": [ ">=0,<1.9.0" ], "v": ">=0,<1.9.0" }, { - "advisory": "It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above.", - "cve": "CVE-2017-12614", - "id": "pyup.io-53928", - "more_info_path": "/vulnerabilities/CVE-2017-12614/53928", + "advisory": "In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.", + "cve": "CVE-2017-15720", + "id": "pyup.io-53938", + "more_info_path": "/vulnerabilities/CVE-2017-15720/53938", "specs": [ ">=0,<1.9.0" ], 
@@ -3985,6 +3977,30 @@ "v": "<=2021.3.3" } ], + "apache-airflow-backport-providers-apache-hive": [ + { + "advisory": "Apache-airflow-backport-providers-apache-hive is affected by CVE-2023-28706.", + "cve": "CVE-2023-28706", + "id": "pyup.io-59570", + "more_info_path": "/vulnerabilities/CVE-2023-28706/59570", + "specs": [ + "<=2021.3.3" + ], + "v": "<=2021.3.3" + } + ], + "apache-airflow-backport-providers-apache-spark": [ + { + "advisory": "Apache-airflow-backport-providers-apache-spark is affected by CVE-2023-28710.", + "cve": "CVE-2023-28710", + "id": "pyup.io-59572", + "more_info_path": "/vulnerabilities/CVE-2023-28710/59572", + "specs": [ + "<=2021.3.3" + ], + "v": "<=2021.3.3" + } + ], "apache-airflow-backport-providers-cncf-kubernetes": [ { "advisory": "Apache-airflow-backport-providers-cncf-kubernetes 2021.3.3 and prior versions ship with vulnerable dependencies (flask-appbuilder == 2.3.4).", @@ -4838,6 +4854,16 @@ } ], "apache-airflow-providers-amazon": [ + { + "advisory": "Apache-airflow-providers-amazon 4.0.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).", + "cve": "PVE-2021-42852", + "id": "pyup.io-49835", + "more_info_path": "/vulnerabilities/PVE-2021-42852/49835", + "specs": [ + "<=4.0.0" + ], + "v": "<=4.0.0" + }, { "advisory": "Apache-airflow-providers-amazon 4.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).", "cve": "PVE-2022-47833", @@ -4858,16 +4884,6 @@ ], "v": "<=4.0.0" }, - { - "advisory": "Apache-airflow-providers-amazon 4.0.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).", - "cve": "PVE-2021-42852", - "id": "pyup.io-49835", - "more_info_path": "/vulnerabilities/PVE-2021-42852/49835", - "specs": [ - "<=4.0.0" - ], - "v": "<=4.0.0" - }, { "advisory": "Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1.", "cve": "CVE-2023-25956", 
@@ -4879,6 +4895,18 @@ "v": ">=0,<7.2.1" } ], + "apache-airflow-providers-apache-drill": [ + { + "advisory": "Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2.\r\n\r\n\r\n\r\nAlias(es):\r\nGHSA-85pf-r4c7-3j9r\r\nPYSEC-2023-3", + "cve": "CVE-2023-28707", + "id": "pyup.io-59573", + "more_info_path": "/vulnerabilities/CVE-2023-28707/59573", + "specs": [ + "<2.3.2" + ], + "v": "<2.3.2" + } + ], "apache-airflow-providers-apache-hdfs": [ { "advisory": "Apache-airflow-providers-apache-hdfs 3.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).", @@ -4913,14 +4941,14 @@ ], "apache-airflow-providers-apache-hive": [ { - "advisory": "Apache-airflow-providers-apache-hive 3.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).", - "cve": "CVE-2022-29217", - "id": "pyup.io-49870", - "more_info_path": "/vulnerabilities/CVE-2022-29217/49870", + "advisory": "Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0.\r\n\r\n\r\n\r\nAlias:\r\nGHSA-5cvg-9pp5-mxcj", + "cve": "CVE-2023-28706", + "id": "pyup.io-59569", + "more_info_path": "/vulnerabilities/CVE-2023-28706/59569", "specs": [ - "<=3.0.0" + "<6.0.0" ], - "v": "<=3.0.0" + "v": "<6.0.0" }, { "advisory": "Apache-airflow-providers-apache-hive 3.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).", 
@@ -4942,6 +4970,16 @@ ], "v": "<=3.0.0" }, + { + "advisory": "Apache-airflow-providers-apache-hive 3.0.0 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1).", + "cve": "CVE-2022-29217", + "id": "pyup.io-49870", + "more_info_path": "/vulnerabilities/CVE-2022-29217/49870", + "specs": [ + "<=3.0.0" + ], + "v": "<=3.0.0" + }, { "advisory": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider before 5.0.0.", "cve": "CVE-2022-46421", @@ -4996,6 +5034,16 @@ } ], "apache-airflow-providers-apache-spark": [ + { + "advisory": "Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: before 4.0.1.\r\n\r\n\r\n\r\nAlias:\r\nGHSA-ffj9-4crc-q7wf", + "cve": "CVE-2023-28710", + "id": "pyup.io-59571", + "more_info_path": "/vulnerabilities/CVE-2023-28710/59571", + "specs": [ + "<4.0.1" + ], + "v": "<4.0.1" + }, { "advisory": "Apache-airflow-providers-apache-spark 3.0.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).", "cve": "PVE-2021-42852", 
@@ -5615,20 +5663,20 @@ ], "apache-airflow-providers-postgres": [ { - "advisory": "Apache-airflow-providers-postgres 5.0.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).", - "cve": "PVE-2021-42852", - "id": "pyup.io-49823", - "more_info_path": "/vulnerabilities/PVE-2021-42852/49823", + "advisory": "Apache-airflow-providers-postgres 5.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).", + "cve": "PVE-2022-47833", + "id": "pyup.io-49821", + "more_info_path": "/vulnerabilities/PVE-2022-47833/49821", "specs": [ "<=5.0.0" ], "v": "<=5.0.0" }, { - "advisory": "Apache-airflow-providers-postgres 5.0.0 and prior versions ship with vulnerable dependencies (click == 7.1.2).", - "cve": "PVE-2022-47833", - "id": "pyup.io-49821", - "more_info_path": "/vulnerabilities/PVE-2022-47833/49821", + "advisory": "Apache-airflow-providers-postgres 5.0.0 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3).", + "cve": "PVE-2021-42852", + "id": "pyup.io-49823", + "more_info_path": "/vulnerabilities/PVE-2021-42852/49823", "specs": [ "<=5.0.0" ], 
@@ -5934,56 +5982,6 @@ } ], "apache-dolphinscheduler": [ - { - "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2019-14379", - "id": "pyup.io-50530", - "more_info_path": "/vulnerabilities/CVE-2019-14379/50530", - "specs": [ - "<3.0.0" - ], - "v": "<3.0.0" - }, - { - "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2018-19360", - "id": "pyup.io-50541", - "more_info_path": "/vulnerabilities/CVE-2018-19360/50541", - "specs": [ - "<3.0.0" - ], - "v": "<3.0.0" - }, - { - "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2019-14893", - "id": "pyup.io-50528", - "more_info_path": "/vulnerabilities/CVE-2019-14893/50528", - "specs": [ - "<3.0.0" - ], - "v": "<3.0.0" - }, - { - "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2018-12023", - "id": "pyup.io-50548", - "more_info_path": "/vulnerabilities/CVE-2018-12023/50548", - "specs": [ - "<3.0.0" - ], - "v": "<3.0.0" - }, - { - "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2020-11113", - "id": "pyup.io-50552", - "more_info_path": "/vulnerabilities/CVE-2020-11113/50552", - "specs": [ - "<3.0.0" - ], - "v": "<3.0.0" - }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", "cve": "CVE-2018-19362", 
@@ -6064,16 +6062,6 @@ ], "v": "<3.0.0" }, - { - "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2019-12086", - "id": "pyup.io-50535", - "more_info_path": "/vulnerabilities/CVE-2019-12086/50535", - "specs": [ - "<3.0.0" - ], - "v": "<3.0.0" - }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'postgresql' to v42.3.4 to include security fixes.", "cve": "CVE-2020-13692", @@ -6144,6 +6132,16 @@ ], "v": "<3.0.0" }, + { + "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", + "cve": "CVE-2020-8840", + "id": "pyup.io-50529", + "more_info_path": "/vulnerabilities/CVE-2020-8840/50529", + "specs": [ + "<3.0.0" + ], + "v": "<3.0.0" + }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", "cve": "CVE-2019-14439", @@ -6156,9 +6154,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2020-8840", - "id": "pyup.io-50529", - "more_info_path": "/vulnerabilities/CVE-2020-8840/50529", + "cve": "CVE-2019-20330", + "id": "pyup.io-50538", + "more_info_path": "/vulnerabilities/CVE-2019-20330/50538", "specs": [ "<3.0.0" ], @@ -6176,9 +6174,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2019-20330", - "id": "pyup.io-50538", - "more_info_path": "/vulnerabilities/CVE-2019-20330/50538", + "cve": "CVE-2020-10673", + "id": "pyup.io-50550", + "more_info_path": "/vulnerabilities/CVE-2020-10673/50550", "specs": [ "<3.0.0" ], 
@@ -6186,9 +6184,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2018-19361", - "id": "pyup.io-50542", - "more_info_path": "/vulnerabilities/CVE-2018-19361/50542", + "cve": "CVE-2018-14719", + "id": "pyup.io-50545", + "more_info_path": "/vulnerabilities/CVE-2018-14719/50545", "specs": [ "<3.0.0" ], @@ -6204,11 +6202,21 @@ ], "v": "<3.0.0" }, + { + "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'logback' to v1.2.11 to include a security fix.", + "cve": "CVE-2021-42550", + "id": "pyup.io-50559", + "more_info_path": "/vulnerabilities/CVE-2021-42550/50559", + "specs": [ + "<3.0.0" + ], + "v": "<3.0.0" + }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2018-14719", - "id": "pyup.io-50545", - "more_info_path": "/vulnerabilities/CVE-2018-14719/50545", + "cve": "CVE-2019-17531", + "id": "pyup.io-50539", + "more_info_path": "/vulnerabilities/CVE-2019-17531/50539", "specs": [ "<3.0.0" ], 
@@ -6216,19 +6224,19 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2020-10673", - "id": "pyup.io-50550", - "more_info_path": "/vulnerabilities/CVE-2020-10673/50550", + "cve": "CVE-2020-10968", + "id": "pyup.io-50553", + "more_info_path": "/vulnerabilities/CVE-2020-10968/50553", "specs": [ "<3.0.0" ], "v": "<3.0.0" }, { - "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'postgresql' to v42.3.4 to include security fixes.", - "cve": "CVE-2022-21724", - "id": "pyup.io-50556", - "more_info_path": "/vulnerabilities/CVE-2022-21724/50556", + "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", + "cve": "CVE-2018-14721", + "id": "pyup.io-50547", + "more_info_path": "/vulnerabilities/CVE-2018-14721/50547", "specs": [ "<3.0.0" ], @@ -6236,19 +6244,19 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2019-17531", - "id": "pyup.io-50539", - "more_info_path": "/vulnerabilities/CVE-2019-17531/50539", + "cve": "CVE-2019-12086", + "id": "pyup.io-50535", + "more_info_path": "/vulnerabilities/CVE-2019-12086/50535", "specs": [ "<3.0.0" ], "v": "<3.0.0" }, { - "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'logback' to v1.2.11 to include a security fix.", - "cve": "CVE-2021-42550", - "id": "pyup.io-50559", - "more_info_path": "/vulnerabilities/CVE-2021-42550/50559", + "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'postgresql' to v42.3.4 to include security fixes.", + "cve": "CVE-2022-21724", + "id": "pyup.io-50556", + "more_info_path": "/vulnerabilities/CVE-2022-21724/50556", "specs": [ "<3.0.0" ], 
@@ -6276,9 +6284,9 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2020-10968", - "id": "pyup.io-50553", - "more_info_path": "/vulnerabilities/CVE-2020-10968/50553", + "cve": "CVE-2018-19360", + "id": "pyup.io-50541", + "more_info_path": "/vulnerabilities/CVE-2018-19360/50541", "specs": [ "<3.0.0" ], 
@@ -6286,23 +6294,53 @@ }, { "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", - "cve": "CVE-2018-14721", - "id": "pyup.io-50547", - "more_info_path": "/vulnerabilities/CVE-2018-14721/50547", + "cve": "CVE-2018-12023", + "id": "pyup.io-50548", + "more_info_path": "/vulnerabilities/CVE-2018-12023/50548", "specs": [ "<3.0.0" ], "v": "<3.0.0" }, { - "advisory": "Apache-dolphinscheduler 3.0.0beta1 requires Maven dependency 'jackson-databind' v2.9.10.8 to include security fixes.", - "cve": "CVE-2020-35728", - "id": "pyup.io-49231", - "more_info_path": "/vulnerabilities/CVE-2020-35728/49231", + "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", + "cve": "CVE-2020-11113", + "id": "pyup.io-50552", + "more_info_path": "/vulnerabilities/CVE-2020-11113/50552", "specs": [ - "<3.0.0beta1" + "<3.0.0" ], - "v": "<3.0.0beta1" + "v": "<3.0.0" + }, + { + "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", + "cve": "CVE-2019-14379", + "id": "pyup.io-50530", + "more_info_path": "/vulnerabilities/CVE-2019-14379/50530", + "specs": [ + "<3.0.0" + ], + "v": "<3.0.0" + }, + { + "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", + "cve": "CVE-2019-14893", + "id": "pyup.io-50528", + "more_info_path": "/vulnerabilities/CVE-2019-14893/50528", + "specs": [ + "<3.0.0" + ], + "v": "<3.0.0" + }, + { + "advisory": "Apache-dolphinscheduler 3.0.0 updates its MAVEN dependency 'jackson.databind' to v2.9.10.8 to include security fixes.", + "cve": "CVE-2018-19361", + "id": "pyup.io-50542", + "more_info_path": "/vulnerabilities/CVE-2018-19361/50542", + "specs": [ + "<3.0.0" + ], + "v": "<3.0.0" }, { "advisory": "Apache-dolphinscheduler 3.0.0beta1 requires Maven dependency 
'jackson-databind' v2.9.10.8 to include security fixes.", @@ -6324,16 +6362,6 @@ ], "v": "<3.0.0beta1" }, - { - "advisory": "Apache-dolphinscheduler 3.0.0beta1 updates its Maven dependency 'postgresql' to v42.3.4 to include security fixes.", - "cve": "CVE-2022-26520", - "id": "pyup.io-49234", - "more_info_path": "/vulnerabilities/CVE-2022-26520/49234", - "specs": [ - "<3.0.0beta1" - ], - "v": "<3.0.0beta1" - }, { "advisory": "Apache-dolphinscheduler 3.0.0beta1 requires Maven dependency 'jackson-databind' v2.9.10.8 to include security fixes.", "cve": "CVE-2020-36187", @@ -6344,16 +6372,6 @@ ], "v": "<3.0.0beta1" }, - { - "advisory": "Apache-dolphinscheduler 3.0.0beta1 updates its Maven dependency 'postgresql' to v42.3.4 to include security fixes.", - "cve": "CVE-2022-21724", - "id": "pyup.io-49235", - "more_info_path": "/vulnerabilities/CVE-2022-21724/49235", - "specs": [ - "<3.0.0beta1" - ], - "v": "<3.0.0beta1" - }, { "advisory": "Apache-dolphinscheduler 3.0.0beta1 requires Maven dependency 'jackson-databind' v2.9.10.8 to include security fixes.", "cve": "CVE-2020-36182", @@ -6374,16 +6392,6 @@ ], "v": "<3.0.0beta1" }, - { - "advisory": "Apache-dolphinscheduler 3.0.0beta1 requires Maven dependency 'jackson-databind' v2.9.10.8 to include security fixes.", - "cve": "CVE-2020-36186", - "id": "pyup.io-49154", - "more_info_path": "/vulnerabilities/CVE-2020-36186/49154", - "specs": [ - "<3.0.0beta1" - ], - "v": "<3.0.0beta1" - }, { "advisory": "Apache-dolphinscheduler 3.0.0beta1 requires Maven dependency 'jackson-databind' v2.9.10.8 to include security fixes.", "cve": "CVE-2020-36183", 
@@ -6394,16 +6402,6 @@ ], "v": "<3.0.0beta1" }, - { - "advisory": "Apache-dolphinscheduler 3.0.0beta1 requires Maven dependency 'jackson-databind' v2.9.10.8 to include security fixes.", - "cve": "CVE-2020-36181", - "id": "pyup.io-49225", - "more_info_path": "/vulnerabilities/CVE-2020-36181/49225", - "specs": [ - "<3.0.0beta1" - ], - "v": "<3.0.0beta1" - }, { "advisory": "Apache-dolphinscheduler 3.0.0beta1 updates its Maven dependency 'postgresql' to v42.3.4 to include security fixes.", "cve": "CVE-2020-13692", 
@@ -6464,6 +6462,56 @@ ], "v": "<3.0.0beta1" }, + { + "advisory": "Apache-dolphinscheduler 3.0.0beta1 requires Maven dependency 'jackson-databind' v2.9.10.8 to include security fixes.", + "cve": "CVE-2020-36186", + "id": "pyup.io-49154", + "more_info_path": "/vulnerabilities/CVE-2020-36186/49154", + "specs": [ + "<3.0.0beta1" + ], + "v": "<3.0.0beta1" + }, + { + "advisory": "Apache-dolphinscheduler 3.0.0beta1 requires Maven dependency 'jackson-databind' v2.9.10.8 to include security fixes.", + "cve": "CVE-2020-36181", + "id": "pyup.io-49225", + "more_info_path": "/vulnerabilities/CVE-2020-36181/49225", + "specs": [ + "<3.0.0beta1" + ], + "v": "<3.0.0beta1" + }, + { + "advisory": "Apache-dolphinscheduler 3.0.0beta1 requires Maven dependency 'jackson-databind' v2.9.10.8 to include security fixes.", + "cve": "CVE-2020-35728", + "id": "pyup.io-49231", + "more_info_path": "/vulnerabilities/CVE-2020-35728/49231", + "specs": [ + "<3.0.0beta1" + ], + "v": "<3.0.0beta1" + }, + { + "advisory": "Apache-dolphinscheduler 3.0.0beta1 updates its Maven dependency 'postgresql' to v42.3.4 to include security fixes.", + "cve": "CVE-2022-21724", + "id": "pyup.io-49235", + "more_info_path": "/vulnerabilities/CVE-2022-21724/49235", + "specs": [ + "<3.0.0beta1" + ], + "v": "<3.0.0beta1" + }, + { + "advisory": "Apache-dolphinscheduler 3.0.0beta1 updates its Maven dependency 'postgresql' to v42.3.4 to include security fixes.", + "cve": "CVE-2022-26520", + "id": "pyup.io-49234", + "more_info_path": "/vulnerabilities/CVE-2022-26520/49234", + "specs": [ + "<3.0.0beta1" + ], + "v": "<3.0.0beta1" + }, { "advisory": "Apache-dolphinscheduler 3.0.0beta2 updates its Maven dependency 'logback-core' to v1.2.11 to include a security fix.", "cve": "PVE-2022-49741", 
@@ -6484,26 +6532,6 @@ ], "v": "<3.0.0beta2" }, - { - "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'h2' to v2.1.210 to include security fixes.", - "cve": "CVE-2021-23463", - "id": "pyup.io-51310", - "more_info_path": "/vulnerabilities/CVE-2021-23463/51310", - "specs": [ - "<3.1.0" - ], - "v": "<3.1.0" - }, - { - "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'commons-io' to v2.11.0 to include a security fix.", - "cve": "CVE-2021-29425", - "id": "pyup.io-51314", - "more_info_path": "/vulnerabilities/CVE-2021-29425/51314", - "specs": [ - "<3.1.0" - ], - "v": "<3.1.0" - }, { "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that adds validations of possible malicious keys.\r\nhttps://github.com/apache/dolphinscheduler/commit/5811b84fcc7cc0ff354cf8e871f36aa3ae61aa2a", "cve": "PVE-2022-51304", 
@@ -6525,20 +6553,20 @@ "v": "<3.1.0" }, { - "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that fixes a vulnerability in LDAP login.\r\nhttps://github.com/apache/dolphinscheduler/commit/17a9dd25fa0e80b048394f79db130f56eb8ef72f", - "cve": "PVE-2022-51292", - "id": "pyup.io-51292", - "more_info_path": "/vulnerabilities/PVE-2022-51292/51292", + "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'h2' to v2.1.210 to include security fixes.", + "cve": "CVE-2022-23221", + "id": "pyup.io-51308", + "more_info_path": "/vulnerabilities/CVE-2022-23221/51308", "specs": [ "<3.1.0" ], "v": "<3.1.0" }, { - "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'hadoop' to v2.7.7 to include security fixes.", - "cve": "CVE-2017-15718", - "id": "pyup.io-51305", - "more_info_path": "/vulnerabilities/CVE-2017-15718/51305", + "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'postgresql' to v42.4.1 to include a security fix.", + "cve": "CVE-2022-31197", + "id": "pyup.io-51311", + "more_info_path": "/vulnerabilities/CVE-2022-31197/51311", "specs": [ "<3.1.0" ], 
@@ -6554,21 +6582,41 @@ ], "v": "<3.1.0" }, + { + "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'hadoop' to v2.7.7 to include security fixes.", + "cve": "CVE-2018-8009", + "id": "pyup.io-51306", + "more_info_path": "/vulnerabilities/CVE-2018-8009/51306", + "specs": [ + "<3.1.0" + ], + "v": "<3.1.0" + }, { "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'h2' to v2.1.210 to include security fixes.", - "cve": "CVE-2022-23221", - "id": "pyup.io-51308", - "more_info_path": "/vulnerabilities/CVE-2022-23221/51308", + "cve": "CVE-2021-42392", + "id": "pyup.io-51309", + "more_info_path": "/vulnerabilities/CVE-2021-42392/51309", "specs": [ "<3.1.0" ], "v": "<3.1.0" }, { - "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'postgresql' to v42.4.1 to include a security fix.", - "cve": "CVE-2022-31197", - "id": "pyup.io-51311", - "more_info_path": "/vulnerabilities/CVE-2022-31197/51311", + "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that fixes a vulnerability in LDAP login.\r\nhttps://github.com/apache/dolphinscheduler/commit/17a9dd25fa0e80b048394f79db130f56eb8ef72f", + "cve": "PVE-2022-51292", + "id": "pyup.io-51292", + "more_info_path": "/vulnerabilities/PVE-2022-51292/51292", + "specs": [ + "<3.1.0" + ], + "v": "<3.1.0" + }, + { + "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'hadoop' to v2.7.7 to include security fixes.", + "cve": "CVE-2017-15718", + "id": "pyup.io-51305", + "more_info_path": "/vulnerabilities/CVE-2017-15718/51305", "specs": [ "<3.1.0" ], 
@@ -6585,27 +6633,27 @@ "v": "<3.1.0" }, { - "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'hadoop' to v2.7.7 to include security fixes.", - "cve": "CVE-2018-8009", - "id": "pyup.io-51306", - "more_info_path": "/vulnerabilities/CVE-2018-8009/51306", + "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'h2' to v2.1.210 to include security fixes.", + "cve": "CVE-2021-23463", + "id": "pyup.io-51310", + "more_info_path": "/vulnerabilities/CVE-2021-23463/51310", "specs": [ "<3.1.0" ], "v": "<3.1.0" }, { - "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'h2' to v2.1.210 to include security fixes.", - "cve": "CVE-2021-42392", - "id": "pyup.io-51309", - "more_info_path": "/vulnerabilities/CVE-2021-42392/51309", + "advisory": "Apache-dolphinscheduler (Python API) 3.1.0 works together with apache-dolphinscheduler (core) 3.1.0, that updates its MAVEN dependency 'commons-io' to v2.11.0 to include a security fix.", + "cve": "CVE-2021-29425", + "id": "pyup.io-51314", + "more_info_path": "/vulnerabilities/CVE-2021-29425/51314", "specs": [ "<3.1.0" ], "v": "<3.1.0" }, { - "advisory": "Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks. Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.", + "advisory": "Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.", "cve": "CVE-2022-25598", "id": "pyup.io-54431", "more_info_path": "/vulnerabilities/CVE-2022-25598/54431", 
@@ -6617,20 +6665,20 @@ ], "apache-flink": [ { - "advisory": "Apache-flink 1.14.2 updates its dependency 'log4j' to v2.16.0 to include security fixes.\r\nhttps://github.com/apache/flink/commit/361ce6591069b2f7317f1c181cdaf7965615415c", - "cve": "CVE-2021-44228", - "id": "pyup.io-43416", - "more_info_path": "/vulnerabilities/CVE-2021-44228/43416", + "advisory": "Apache-flink 1.14.2 updates its dependency 'log4j' to v2.16.0 to include security fixes.\r\nhttps://github.com/apache/flink/commit/361ce6591069b2f7317f1c181cdaf7965615415c", + "cve": "CVE-2021-45046", + "id": "pyup.io-43417", + "more_info_path": "/vulnerabilities/CVE-2021-45046/43417", "specs": [ "<1.14.2" ], "v": "<1.14.2" }, { - "advisory": "Apache-flink 1.14.2 updates its dependency 'log4j' to v2.16.0 to include security fixes.\r\nhttps://github.com/apache/flink/commit/361ce6591069b2f7317f1c181cdaf7965615415c", - "cve": "CVE-2021-45046", - "id": "pyup.io-43417", - "more_info_path": "/vulnerabilities/CVE-2021-45046/43417", + "advisory": "Apache-flink 1.14.2 updates its dependency 'log4j' to v2.16.0 to include security fixes.\r\nhttps://github.com/apache/flink/commit/361ce6591069b2f7317f1c181cdaf7965615415c", + "cve": "CVE-2021-44228", + "id": "pyup.io-43416", + "more_info_path": "/vulnerabilities/CVE-2021-44228/43416", "specs": [ "<1.14.2" ], 
@@ -6657,49 +6705,6 @@ "v": "<1.14.3" } ], - "apache-iotdb": [ - { - "advisory": "Apache-iotdb 0.13.1 fixes possible SQL injection vulnerability in grafana-connector.\r\nhttps://github.com/apache/iotdb/pull/5450\r\nhttps://github.com/apache/iotdb/pull/5452", - "cve": "PVE-2022-50562", - "id": "pyup.io-50562", - "more_info_path": "/vulnerabilities/PVE-2022-50562/50562", - "specs": [ - "<0.13.1" - ], - "v": "<0.13.1" - }, - { - "advisory": "Apache-iotdb 0.13.1 fixes possible XSS vulnerability in grafana-connector.\r\nhttps://github.com/apache/iotdb/pull/5450", - "cve": "PVE-2022-50593", - "id": "pyup.io-50593", - "more_info_path": "/vulnerabilities/PVE-2022-50593/50593", - "specs": [ - "<0.13.1" - ], - "v": "<0.13.1" - }, - { - "advisory": "Apache IoTDB version 0.13.0 is vulnerable to session id attack. Users should upgrade to version 0.13.1 which addresses this issue.", - "cve": "CVE-2022-38369", - "id": "pyup.io-54526", - "more_info_path": "/vulnerabilities/CVE-2022-38369/54526", - "specs": [ - ">=0,<0.13.1" - ], - "v": ">=0,<0.13.1" - }, - { - "advisory": "Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it.", - "cve": "CVE-2022-43766", - "id": "pyup.io-54563", - "more_info_path": "/vulnerabilities/CVE-2022-43766/54563", - "specs": [ - ">=0.13.0,<0.14.0rc1", - ">=0.12.2,<0.13.0" - ], - "v": ">=0.13.0,<0.14.0rc1,>=0.12.2,<0.13.0" - } - ], "apache-libcloud": [ { "advisory": "Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.", 
@@ -6903,6 +6908,16 @@ ], "v": "<0.35.2" }, + { + "advisory": "Apache-superset 0.36.0 updates its NPM dependency 'serialize-javascript' to v2.1.2 to include security fixes.\r\nhttps://github.com/apache/superset/pull/9106/commits/788faad7f33e1b69afcee0f01c9fc7cdccb7f81f", + "cve": "CVE-2019-16772", + "id": "pyup.io-44578", + "more_info_path": "/vulnerabilities/CVE-2019-16772/44578", + "specs": [ + "<0.36.0" + ], + "v": "<0.36.0" + }, { "advisory": "Apache-superset 0.36.0 updates its NPM dependency 'serialize-javascript' to v2.1.2 to include security fixes.\r\nhttps://github.com/apache/superset/pull/9106/commits/788faad7f33e1b69afcee0f01c9fc7cdccb7f81f", "cve": "CVE-2019-16769", @@ -6933,16 +6948,6 @@ ], "v": "<0.36.0" }, - { - "advisory": "Apache-superset 0.36.0 updates its NPM dependency 'serialize-javascript' to v2.1.2 to include security fixes.\r\nhttps://github.com/apache/superset/pull/9106/commits/788faad7f33e1b69afcee0f01c9fc7cdccb7f81f", - "cve": "CVE-2019-16772", - "id": "pyup.io-44578", - "more_info_path": "/vulnerabilities/CVE-2019-16772/44578", - "specs": [ - "<0.36.0" - ], - "v": "<0.36.0" - }, { "advisory": "Apache-superset 0.37.0 includes various security-related improvements. It fixes regression in #9689 (9705), it fixes can_access with None because it crashed on builtin roles (#10039), it renames schemas_accessible_by_user (#10030), renames access methods (#10031), it updates assert logic (#10034), and it fixes the dbs/clusters perm (#10130).", "cve": "PVE-2021-39474", 
@@ -7054,6 +7059,72 @@ ], "v": "<=1.5.2,==2.0.0" }, + { + "advisory": "When explicitly enabling the feature flag 'DASHBOARD_CACHE' (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", + "cve": "CVE-2022-45438", + "id": "pyup.io-54614", + "more_info_path": "/vulnerabilities/CVE-2022-45438/54614", + "specs": [ + "<=1.5.2", + "==2.0.0" + ], + "v": "<=1.5.2,==2.0.0" + }, + { + "advisory": "An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", + "cve": "CVE-2022-43721", + "id": "pyup.io-54615", + "more_info_path": "/vulnerabilities/CVE-2022-43721/54615", + "specs": [ + "<=1.5.2", + "==2.0.0" + ], + "v": "<=1.5.2,==2.0.0" + }, + { + "advisory": "An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", + "cve": "CVE-2022-43720", + "id": "pyup.io-54625", + "more_info_path": "/vulnerabilities/CVE-2022-43720/54625", + "specs": [ + "<=1.5.2", + "==2.0.0" + ], + "v": "<=1.5.2,==2.0.0" + }, + { + "advisory": "Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. 
This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", + "cve": "CVE-2022-43719", + "id": "pyup.io-54612", + "more_info_path": "/vulnerabilities/CVE-2022-43719/54612", + "specs": [ + "<=1.5.2", + "==2.0.0" + ], + "v": "<=1.5.2,==2.0.0" + }, + { + "advisory": "Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", + "cve": "CVE-2022-43717", + "id": "pyup.io-54616", + "more_info_path": "/vulnerabilities/CVE-2022-43717/54616", + "specs": [ + "<=1.5.2", + "==2.0.0" + ], + "v": "<=1.5.2,==2.0.0" + }, + { + "advisory": "Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", + "cve": "CVE-2022-43718", + "id": "pyup.io-54611", + "more_info_path": "/vulnerabilities/CVE-2022-43718/54611", + "specs": [ + "<=1.5.2", + "==2.0.0" + ], + "v": "<=1.5.2,==2.0.0" + }, { "advisory": "In Apache Incubator Superset before 0.31 user could query database metadata information from a database it has no access to, by using a specially crafted complex query.", "cve": "CVE-2019-12413", 
@@ -7174,72 +7245,6 @@ ], "v": ">=0,<1.5.1" }, - { - "advisory": "Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", - "cve": "CVE-2022-43717", - "id": "pyup.io-54616", - "more_info_path": "/vulnerabilities/CVE-2022-43717/54616", - "specs": [ - ">=0", - ">=2.0.0" - ], - "v": ">=0,>=2.0.0" - }, - { - "advisory": "An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", - "cve": "CVE-2022-43721", - "id": "pyup.io-54615", - "more_info_path": "/vulnerabilities/CVE-2022-43721/54615", - "specs": [ - ">=0", - ">=2.0.0" - ], - "v": ">=0,>=2.0.0" - }, - { - "advisory": "Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", - "cve": "CVE-2022-43718", - "id": "pyup.io-54611", - "more_info_path": "/vulnerabilities/CVE-2022-43718/54611", - "specs": [ - ">=0", - ">=2.0.0" - ], - "v": ">=0,>=2.0.0" - }, - { - "advisory": "Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. 
This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", - "cve": "CVE-2022-43719", - "id": "pyup.io-54612", - "more_info_path": "/vulnerabilities/CVE-2022-43719/54612", - "specs": [ - ">=0", - ">=2.0.0" - ], - "v": ">=0,>=2.0.0" - }, - { - "advisory": "When explicitly enabling the feature flag `DASHBOARD_CACHE` (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", - "cve": "CVE-2022-45438", - "id": "pyup.io-54614", - "more_info_path": "/vulnerabilities/CVE-2022-45438/54614", - "specs": [ - ">=0", - ">=2.0.0" - ], - "v": ">=0,>=2.0.0" - }, - { - "advisory": "An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", - "cve": "CVE-2022-43720", - "id": "pyup.io-54625", - "more_info_path": "/vulnerabilities/CVE-2022-43720/54625", - "specs": [ - ">=0", - ">=2.0.0" - ], - "v": ">=0,>=2.0.0" - }, { "advisory": "An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset.", "cve": "CVE-2020-1932", 
@@ -7334,6 +7339,16 @@ "<0.2.0" ], "v": "<0.2.0" + }, + { + "advisory": "Apimatic-core 0.2.3 updates its dependency 'requests' to version '2.31' to include a fix for an Information Exposure vulnerability.\r\nhttps://github.com/apimatic/core-lib-python/pull/40", + "cve": "CVE-2023-32681", + "id": "pyup.io-59862", + "more_info_path": "/vulnerabilities/CVE-2023-32681/59862", + "specs": [ + "<0.2.3" + ], + "v": "<0.2.3" } ], "apischema": [ @@ -7701,9 +7716,9 @@ }, { "advisory": "Argilla 0.13.0 stops requiring its NPM dependency 'node-sass' to avoid security issues.", - "cve": "CVE-2018-20822", - "id": "pyup.io-52814", - "more_info_path": "/vulnerabilities/CVE-2018-20822/52814", + "cve": "CVE-2019-18797", + "id": "pyup.io-52811", + "more_info_path": "/vulnerabilities/CVE-2019-18797/52811", "specs": [ "<0.13.0" ], @@ -7721,9 +7736,9 @@ }, { "advisory": "Argilla 0.13.0 stops requiring its NPM dependency 'node-sass' to avoid security issues.", - "cve": "CVE-2019-18797", - "id": "pyup.io-52811", - "more_info_path": "/vulnerabilities/CVE-2019-18797/52811", + "cve": "CVE-2020-24025", + "id": "pyup.io-52782", + "more_info_path": "/vulnerabilities/CVE-2020-24025/52782", "specs": [ "<0.13.0" ], @@ -7731,9 +7746,9 @@ }, { "advisory": "Argilla 0.13.0 stops requiring its NPM dependency 'node-sass' to avoid security issues.", - "cve": "CVE-2020-24025", - "id": "pyup.io-52782", - "more_info_path": "/vulnerabilities/CVE-2020-24025/52782", + "cve": "CVE-2019-18798", + "id": "pyup.io-52810", + "more_info_path": "/vulnerabilities/CVE-2019-18798/52810", "specs": [ "<0.13.0" ], @@ -7751,9 +7766,9 @@ }, { "advisory": "Argilla 0.13.0 stops requiring its NPM dependency 'node-sass' to avoid security issues.", - "cve": "CVE-2019-18798", - "id": "pyup.io-52810", - "more_info_path": "/vulnerabilities/CVE-2019-18798/52810", + "cve": "CVE-2018-20822", + "id": "pyup.io-52814", + "more_info_path": "/vulnerabilities/CVE-2018-20822/52814", "specs": [ "<0.13.0" ], 
@@ -7863,6 +7878,16 @@ ], "v": "<6.3.10,>=6.4.0rc1,<6.4.4" }, + { + "advisory": "Argo-workflows 6.3.9 (Python SDK) is compatible with Argo-workflows core v3.3.9, that updates Maven dependencies to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/commit/481137c259b05c6a5b3c0e3adab1649c2b512364", + "cve": "CVE-2020-28052", + "id": "pyup.io-50691", + "more_info_path": "/vulnerabilities/CVE-2020-28052/50691", + "specs": [ + "<6.3.9" + ], + "v": "<6.3.9" + }, { "advisory": "Argo-workflows 6.3.9 (Python SDK) is compatible with Argo-workflows core v3.3.9, that updates NPM dependencies to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/commit/d874c1a87b65b300b2a4c93032bd2970d6f91d8f", "cve": "CVE-2022-24785", @@ -7875,9 +7900,9 @@ }, { "advisory": "Argo-workflows 6.3.9 (Python SDK) is compatible with Argo-workflows core v3.3.9, that updates Maven dependencies to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/commit/481137c259b05c6a5b3c0e3adab1649c2b512364", - "cve": "CVE-2020-28052", - "id": "pyup.io-50691", - "more_info_path": "/vulnerabilities/CVE-2020-28052/50691", + "cve": "CVE-2021-22569", + "id": "pyup.io-50686", + "more_info_path": "/vulnerabilities/CVE-2021-22569/50686", "specs": [ "<6.3.9" ], 
@@ -7885,9 +7910,19 @@ }, { "advisory": "Argo-workflows 6.3.9 (Python SDK) is compatible with Argo-workflows core v3.3.9, that updates Maven dependencies to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/commit/481137c259b05c6a5b3c0e3adab1649c2b512364", - "cve": "CVE-2021-22569", - "id": "pyup.io-50686", - "more_info_path": "/vulnerabilities/CVE-2021-22569/50686", + "cve": "CVE-2021-35515", + "id": "pyup.io-50688", + "more_info_path": "/vulnerabilities/CVE-2021-35515/50688", + "specs": [ + "<6.3.9" + ], + "v": "<6.3.9" + }, + { + "advisory": "Argo-workflows 6.3.9 (Python SDK) is compatible with Argo-workflows core v3.3.9, that updates Maven dependencies to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/commit/481137c259b05c6a5b3c0e3adab1649c2b512364", + "cve": "CVE-2020-8908", + "id": "pyup.io-50685", + "more_info_path": "/vulnerabilities/CVE-2020-8908/50685", "specs": [ "<6.3.9" ], @@ -7923,16 +7958,6 @@ ], "v": "<6.3.9" }, - { - "advisory": "Argo-workflows 6.3.9 (Python SDK) is compatible with Argo-workflows core v3.3.9, that updates Maven dependencies to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/commit/481137c259b05c6a5b3c0e3adab1649c2b512364", - "cve": "CVE-2021-35515", - "id": "pyup.io-50688", - "more_info_path": "/vulnerabilities/CVE-2021-35515/50688", - "specs": [ - "<6.3.9" - ], - "v": "<6.3.9" - }, { "advisory": "Argo-workflows 6.3.9 (Python SDK) is compatible with Argo-workflows core v3.3.9, that updates Maven dependencies to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/commit/481137c259b05c6a5b3c0e3adab1649c2b512364", "cve": "CVE-2021-36090", 
@@ -7943,16 +7968,6 @@ ], "v": "<6.3.9" }, - { - "advisory": "Argo-workflows 6.3.9 (Python SDK) is compatible with Argo-workflows core v3.3.9, that updates Maven dependencies to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/commit/481137c259b05c6a5b3c0e3adab1649c2b512364", - "cve": "CVE-2020-8908", - "id": "pyup.io-50685", - "more_info_path": "/vulnerabilities/CVE-2020-8908/50685", - "specs": [ - "<6.3.9" - ], - "v": "<6.3.9" - }, { "advisory": "Argo-workflows 6.3.9 (Python SDK) is compatible with Argo-workflows core v3.3.9, that updates Maven dependencies to include security fixes.\r\nhttps://github.com/argoproj/argo-workflows/commit/481137c259b05c6a5b3c0e3adab1649c2b512364", "cve": "CVE-2021-35517", @@ -8198,9 +8213,9 @@ "astropy": [ { "advisory": "Astropy 3.0.1 updates the bundled CFITSIO library to 3.430. This is to remedy a critical security vulnerability that was identified by NASA.", - "cve": "CVE-2018-3848", - "id": "pyup.io-35810", - "more_info_path": "/vulnerabilities/CVE-2018-3848/35810", + "cve": "CVE-2018-3847", + "id": "pyup.io-48549", + "more_info_path": "/vulnerabilities/CVE-2018-3847/48549", "specs": [ "<3.0.1" ], @@ -8218,9 +8233,9 @@ }, { "advisory": "Astropy 3.0.1 updates the bundled CFITSIO library to 3.430. This is to remedy a critical security vulnerability that was identified by NASA.", - "cve": "CVE-2018-3847", - "id": "pyup.io-48549", - "more_info_path": "/vulnerabilities/CVE-2018-3847/48549", + "cve": "CVE-2018-3848", + "id": "pyup.io-35810", + "more_info_path": "/vulnerabilities/CVE-2018-3848/35810", "specs": [ "<3.0.1" ], 
@@ -8238,9 +8253,9 @@ }, { "advisory": "Astropy 5.1.1 and 5.0.5 update its JS dependency 'jquery' to v3.6.0 to include security fixes.", - "cve": "CVE-2020-11023", - "id": "pyup.io-52172", - "more_info_path": "/vulnerabilities/CVE-2020-11023/52172", + "cve": "CVE-2020-11022", + "id": "pyup.io-52131", + "more_info_path": "/vulnerabilities/CVE-2020-11022/52131", "specs": [ ">=5.1rc1,<5.1.1", "<5.0.5" @@ -8249,9 +8264,9 @@ }, { "advisory": "Astropy 5.1.1 and 5.0.5 update its JS dependency 'jquery' to v3.6.0 to include security fixes.", - "cve": "CVE-2020-11022", - "id": "pyup.io-52131", - "more_info_path": "/vulnerabilities/CVE-2020-11022/52131", + "cve": "CVE-2020-11023", + "id": "pyup.io-52172", + "more_info_path": "/vulnerabilities/CVE-2020-11023/52172", "specs": [ ">=5.1rc1,<5.1.1", "<5.0.5" @@ -8372,16 +8387,6 @@ } ], "atlasapi": [ - { - "advisory": "Atlasapi 2.0.5 updates its dependency 'sphinx' to v3.0.4 to include security fixes.", - "cve": "CVE-2020-11022", - "id": "pyup.io-51567", - "more_info_path": "/vulnerabilities/CVE-2020-11022/51567", - "specs": [ - "<2.0.5" - ], - "v": "<2.0.5" - }, { "advisory": "Atlasapi 2.0.5 updates its dependency 'pygments' to v2.7.4 to include security fixes.", "cve": "CVE-2021-20270", @@ -8411,6 +8416,16 @@ "<2.0.5" ], "v": "<2.0.5" + }, + { + "advisory": "Atlasapi 2.0.5 updates its dependency 'sphinx' to v3.0.4 to include security fixes.", + "cve": "CVE-2020-11022", + "id": "pyup.io-51567", + "more_info_path": "/vulnerabilities/CVE-2020-11022/51567", + "specs": [ + "<2.0.5" + ], + "v": "<2.0.5" } ], "att-iot-gateway": [ @@ -8882,9 +8897,9 @@ }, { "advisory": "Autogluon 0.6.1 updates its dependency 'pillow' requirement to '>=9.3.0' to include security fixes.", - "cve": "CVE-2022-24303", - "id": "pyup.io-52411", - "more_info_path": "/vulnerabilities/CVE-2022-24303/52411", + "cve": "CVE-2022-45198", + "id": "pyup.io-52534", + "more_info_path": "/vulnerabilities/CVE-2022-45198/52534", "specs": [ "<0.6.1" ], 
@@ -8892,9 +8907,9 @@ }, { "advisory": "Autogluon 0.6.1 updates its dependency 'pillow' requirement to '>=9.3.0' to include security fixes.", - "cve": "CVE-2022-45198", - "id": "pyup.io-52534", - "more_info_path": "/vulnerabilities/CVE-2022-45198/52534", + "cve": "CVE-2022-24303", + "id": "pyup.io-52411", + "more_info_path": "/vulnerabilities/CVE-2022-24303/52411", "specs": [ "<0.6.1" ], @@ -8912,9 +8927,9 @@ }, { "advisory": "Autogluon 0.4.1 updates its dependency 'ray' minimum requirement to v1.10.0 to include security fixes.", - "cve": "CVE-2021-44228", - "id": "pyup.io-48621", - "more_info_path": "/vulnerabilities/CVE-2021-44228/48621", + "cve": "CVE-2021-45105", + "id": "pyup.io-48623", + "more_info_path": "/vulnerabilities/CVE-2021-45105/48623", "specs": [ ">=0.4.0,<0.4.1" ], @@ -8922,9 +8937,9 @@ }, { "advisory": "Autogluon 0.4.1 updates its dependency 'ray' minimum requirement to v1.10.0 to include security fixes.", - "cve": "PVE-2021-42426", - "id": "pyup.io-48620", - "more_info_path": "/vulnerabilities/PVE-2021-42426/48620", + "cve": "CVE-2021-45046", + "id": "pyup.io-48622", + "more_info_path": "/vulnerabilities/CVE-2021-45046/48622", "specs": [ ">=0.4.0,<0.4.1" ], @@ -8932,9 +8947,9 @@ }, { "advisory": "Autogluon 0.4.1 updates its dependency 'ray' minimum requirement to v1.10.0 to include security fixes.", - "cve": "CVE-2021-45105", - "id": "pyup.io-48623", - "more_info_path": "/vulnerabilities/CVE-2021-45105/48623", + "cve": "CVE-2021-44832", + "id": "pyup.io-48624", + "more_info_path": "/vulnerabilities/CVE-2021-44832/48624", "specs": [ ">=0.4.0,<0.4.1" ], @@ -8942,9 +8957,9 @@ }, { "advisory": "Autogluon 0.4.1 updates its dependency 'ray' minimum requirement to v1.10.0 to include security fixes.", - "cve": "CVE-2021-45046", - "id": "pyup.io-48622", - "more_info_path": "/vulnerabilities/CVE-2021-45046/48622", + "cve": "PVE-2021-42426", + "id": "pyup.io-48620", + "more_info_path": "/vulnerabilities/PVE-2021-42426/48620", "specs": [ ">=0.4.0,<0.4.1" ], 
@@ -8952,9 +8967,9 @@ }, { "advisory": "Autogluon 0.4.1 updates its dependency 'ray' minimum requirement to v1.10.0 to include security fixes.", - "cve": "CVE-2021-44832", - "id": "pyup.io-48624", - "more_info_path": "/vulnerabilities/CVE-2021-44832/48624", + "cve": "CVE-2021-44228", + "id": "pyup.io-48621", + "more_info_path": "/vulnerabilities/CVE-2021-44228/48621", "specs": [ ">=0.4.0,<0.4.1" ], @@ -9477,6 +9492,18 @@ "v": "<=0.1.0" } ], + "aws-sam-cli": [ + { + "advisory": "Aws-sam-cli 1.51.0 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/aws/aws-sam-cli/pull/3905", + "cve": "PVE-2023-59624", + "id": "pyup.io-59624", + "more_info_path": "/vulnerabilities/PVE-2023-59624/59624", + "specs": [ + "<1.51.0" + ], + "v": "<1.51.0" + } + ], "aws-v4signer": [ { "advisory": "Aws-v4signer version 0.6 updates its dependency 'pyyaml' to v5.4 to include security fixes.", @@ -9554,6 +9581,16 @@ ], "v": "<1.11.83" }, + { + "advisory": "Awscli 1.16.213 includes a fix for a Race Condition vulnerability on Windows clients.\r\nhttps://github.com/aws/aws-cli/issues/4247", + "cve": "PVE-2023-59546", + "id": "pyup.io-59546", + "more_info_path": "/vulnerabilities/PVE-2023-59546/59546", + "specs": [ + "<1.16.213" + ], + "v": "<1.16.213" + }, { "advisory": "Awscli 1.27.90 includes a fix for a potential low-serverity ReDoS vulnerability: An attacker being able to craft a malicious nuget.config file can cause ReDoS, when a user performs Nuget or Dotnet login.\r\nhttps://github.com/aws/aws-cli/commit/68ad24c36b4e3f6936e3d1dc76fda39d2d1fe764", "cve": "PVE-2023-58911", 
@@ -9623,20 +9660,20 @@ "v": "<1.5.18" }, { - "advisory": "Awsiotsdk 1.6.1 includes a fix for CVE-2021-40830: The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system\u2019s default trust-store. Attackers with access to a host\u2019s trust stores or able to compromise a certificate authority already in the host's trust-store (note: the attacker must also be able to spoof DNS in this case), may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to override the default trust-store to correct this issue.\r\nhttps://github.com/aws/aws-iot-device-sdk-python-v2", - "cve": "CVE-2021-40830", - "id": "pyup.io-42782", - "more_info_path": "/vulnerabilities/CVE-2021-40830/42782", + "advisory": "Awsiotsdk 1.6.1 includes a fix for CVE-2021-40829: Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS.", + "cve": "CVE-2021-40829", + "id": "pyup.io-42781", + "more_info_path": "/vulnerabilities/CVE-2021-40829/42781", "specs": [ "<1.6.1" ], "v": "<1.6.1" }, { - "advisory": "Awsiotsdk 1.6.1 includes a fix for CVE-2021-40829: Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 
1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS.", - "cve": "CVE-2021-40829", - "id": "pyup.io-42781", - "more_info_path": "/vulnerabilities/CVE-2021-40829/42781", + "advisory": "Awsiotsdk 1.6.1 includes a fix for CVE-2021-40830: The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system\u2019s default trust-store. Attackers with access to a host\u2019s trust stores or able to compromise a certificate authority already in the host's trust-store (note: the attacker must also be able to spoof DNS in this case), may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to override the default trust-store to correct this issue.\r\nhttps://github.com/aws/aws-iot-device-sdk-python-v2", + "cve": "CVE-2021-40830", + "id": "pyup.io-42782", + "more_info_path": "/vulnerabilities/CVE-2021-40830/42782", "specs": [ "<1.6.1" ], 
@@ -10219,9 +10256,9 @@ }, { "advisory": "Bento-lib 6.0.1 updates its dependency 'redis' to v4.5.4 to include security fixes.", - "cve": "CVE-2023-28859", - "id": "pyup.io-54854", - "more_info_path": "/vulnerabilities/CVE-2023-28859/54854", + "cve": "CVE-2023-28858", + "id": "pyup.io-54855", + "more_info_path": "/vulnerabilities/CVE-2023-28858/54855", "specs": [ "<6.0.1" ], @@ -10229,9 +10266,9 @@ }, { "advisory": "Bento-lib 6.0.1 updates its dependency 'redis' to v4.5.4 to include security fixes.", - "cve": "CVE-2023-28858", - "id": "pyup.io-54855", - "more_info_path": "/vulnerabilities/CVE-2023-28858/54855", + "cve": "CVE-2023-28859", + "id": "pyup.io-54854", + "more_info_path": "/vulnerabilities/CVE-2023-28859/54854", "specs": [ "<6.0.1" ], @@ -10339,6 +10376,16 @@ } ], "bigdl": [ + { + "advisory": "Bigdl 0.5.0 includes a fix for a Race Condition vulnerability in Spark 1.6.\r\nhttps://github.com/intel-analytics/BigDL/pull/2363", + "cve": "PVE-2023-59598", + "id": "pyup.io-59598", + "more_info_path": "/vulnerabilities/PVE-2023-59598/59598", + "specs": [ + "<0.5.0" + ], + "v": "<0.5.0" + }, { "advisory": "Bigdl 0.8.0 fixes the scala compiler security issue in 2.10 & 2.11", "cve": "PVE-2021-37576", @@ -10349,6 +10396,16 @@ ], "v": "<0.8.0" }, + { + "advisory": "Bigdl 2.0.0 updates its Maven dependency 'http.version' to v10.1.15 to include security fixes.", + "cve": "CVE-2021-23339", + "id": "pyup.io-45840", + "more_info_path": "/vulnerabilities/CVE-2021-23339/45840", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, { "advisory": "Bigdl 2.0.0 updates its Maven dependency 'http.version' to v10.1.15 to include security fixes.", "cve": "CVE-2021-42697", 
@@ -10369,16 +10426,6 @@ ], "v": "<2.0.0" }, - { - "advisory": "Bigdl 2.0.0 updates its Maven dependency 'http.version' to v10.1.15 to include security fixes.", - "cve": "CVE-2021-23339", - "id": "pyup.io-45840", - "more_info_path": "/vulnerabilities/CVE-2021-23339/45840", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, { "advisory": "Bigdl 2.1.0 updates its Maven dependency 'protobuf-java' to v3.19.2 to include a security fix.", "cve": "CVE-2021-22569", @@ -10400,10 +10447,10 @@ "v": "<2.1.0" }, { - "advisory": "Bigdl 2.3.0 includes a security fix in its 'dlib' library: Reflected XSS All Clients in TorchFile.scala.\r\nhttps://github.com/intel-analytics/BigDL/pull/7731", - "cve": "PVE-2023-55131", - "id": "pyup.io-55131", - "more_info_path": "/vulnerabilities/PVE-2023-55131/55131", + "advisory": "Bigdl 2.3.0 replaces part of pickle to json to avoid a security issue.\r\nhttps://github.com/intel-analytics/BigDL/pull/8009", + "cve": "PVE-2023-55137", + "id": "pyup.io-55137", + "more_info_path": "/vulnerabilities/PVE-2023-55137/55137", "specs": [ "<2.3.0" ], @@ -10450,10 +10497,10 @@ "v": "<2.3.0" }, { - "advisory": "Bigdl 2.3.0 replaces part of pickle to json to avoid a security issue.\r\nhttps://github.com/intel-analytics/BigDL/pull/8009", - "cve": "PVE-2023-55137", - "id": "pyup.io-55137", - "more_info_path": "/vulnerabilities/PVE-2023-55137/55137", + "advisory": "Bigdl 2.3.0 includes a security fix in its 'dlib' library: Reflected XSS All Clients in TorchFile.scala.\r\nhttps://github.com/intel-analytics/BigDL/pull/7731", + "cve": "PVE-2023-55131", + "id": "pyup.io-55131", + "more_info_path": "/vulnerabilities/PVE-2023-55131/55131", "specs": [ "<2.3.0" ], 
@@ -10484,20 +10531,20 @@ ], "bikeshed": [ { - "advisory": "Bikeshed version 3.0.0 includes a fix for CVE-2021-23423:\r\nWhen an untrusted source file containing include, include-code or include-raw block is processed, the contents of arbitrary files could be disclosed in the HTML output.\r\nhttps://github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb6b2dd", - "cve": "CVE-2021-23423", - "id": "pyup.io-41180", - "more_info_path": "/vulnerabilities/CVE-2021-23423/41180", + "advisory": "Bikeshed version 3.0.0 includes a fix for CVE-2021-23422:\r\nWhen an untrusted source file containing Inline Tag Command metadata is processed or when an arbitrary OS command is executed, the command output would be included in the HTML output.\r\nhttps://github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb6b2dd", + "cve": "CVE-2021-23422", + "id": "pyup.io-41179", + "more_info_path": "/vulnerabilities/CVE-2021-23422/41179", "specs": [ "<3.0.0" ], "v": "<3.0.0" }, { - "advisory": "Bikeshed version 3.0.0 includes a fix for CVE-2021-23422:\r\nWhen an untrusted source file containing Inline Tag Command metadata is processed or when an arbitrary OS command is executed, the command output would be included in the HTML output.\r\nhttps://github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb6b2dd", - "cve": "CVE-2021-23422", - "id": "pyup.io-41179", - "more_info_path": "/vulnerabilities/CVE-2021-23422/41179", + "advisory": "Bikeshed version 3.0.0 includes a fix for CVE-2021-23423:\r\nWhen an untrusted source file containing include, include-code or include-raw block is processed, the contents of arbitrary files could be disclosed in the HTML output.\r\nhttps://github.com/tabatkins/bikeshed/commit/b2f668fca204260b1cad28d5078e93471cb6b2dd", + "cve": "CVE-2021-23423", + "id": "pyup.io-41180", + "more_info_path": "/vulnerabilities/CVE-2021-23423/41180", "specs": [ "<3.0.0" ], 
@@ -10542,7 +10589,7 @@ ], "binwalk": [ { - "advisory": "A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 can address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876.", + "advisory": "A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 is able to address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876.", "cve": "CVE-2021-4287", "id": "pyup.io-54630", "more_info_path": "/vulnerabilities/CVE-2021-4287/54630", 
@@ -10642,6 +10689,116 @@ "<3.4.3" ], "v": "<3.4.3" + }, + { + "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Denial of Service vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", + "cve": "CVE-2023-0216", + "id": "pyup.io-59613", + "more_info_path": "/vulnerabilities/CVE-2023-0216/59613", + "specs": [ + "<5.3.1" + ], + "v": "<5.3.1" + }, + { + "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Timing Attack vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", + "cve": "CVE-2022-4304", + "id": "pyup.io-59612", + "more_info_path": "/vulnerabilities/CVE-2022-4304/59612", + "specs": [ + "<5.3.1" + ], + "v": "<5.3.1" + }, + { + "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Denial of Service vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", + "cve": "CVE-2022-4203", + "id": "pyup.io-59614", + "more_info_path": "/vulnerabilities/CVE-2022-4203/59614", + "specs": [ + "<5.3.1" + ], + "v": "<5.3.1" + }, + { + "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Denial of Service vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", + "cve": "CVE-2022-4450", + "id": "pyup.io-59615", + "more_info_path": "/vulnerabilities/CVE-2022-4450/59615", + "specs": [ + "<5.3.1" + ], + "v": "<5.3.1" + }, + { + "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Denial of Service vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", + "cve": "CVE-2023-0217", + "id": "pyup.io-59609", + "more_info_path": "/vulnerabilities/CVE-2023-0217/59609", + "specs": [ + "<5.3.1" + ], + "v": "<5.3.1" + }, + 
{ + "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Denial of Service vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", + "cve": "CVE-2023-2650", + "id": "pyup.io-59533", + "more_info_path": "/vulnerabilities/CVE-2023-2650/59533", + "specs": [ + "<5.3.1" + ], + "v": "<5.3.1" + }, + { + "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix an Expected Behavior Violation vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", + "cve": "CVE-2023-23931", + "id": "pyup.io-59616", + "more_info_path": "/vulnerabilities/CVE-2023-23931/59616", + "specs": [ + "<5.3.1" + ], + "v": "<5.3.1" + }, + { + "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Type Confusion vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", + "cve": "CVE-2023-0286", + "id": "pyup.io-59611", + "more_info_path": "/vulnerabilities/CVE-2023-0286/59611", + "specs": [ + "<5.3.1" + ], + "v": "<5.3.1" + }, + { + "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Denial of Service vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", + "cve": "CVE-2022-3996", + "id": "pyup.io-59617", + "more_info_path": "/vulnerabilities/CVE-2022-3996/59617", + "specs": [ + "<5.3.1" + ], + "v": "<5.3.1" + }, + { + "advisory": "Bittensor 5.3.1 updates its dependency 'cryptography' to version '41.0.0' to fix a Denial of Service vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", + "cve": "CVE-2023-0401", + "id": "pyup.io-59608", + "more_info_path": "/vulnerabilities/CVE-2023-0401/59608", + "specs": [ + "<5.3.1" + ], + "v": "<5.3.1" + }, + { + "advisory": "Bittensor 5.3.1 updates its 
dependency 'cryptography' to version '41.0.0' to fix a Use After Free vulnerability.\r\nhttps://github.com/opentensor/bittensor/commit/91d13b0fa711621cbf823708d4368b1b387e42c4", + "cve": "CVE-2023-0215", + "id": "pyup.io-59610", + "more_info_path": "/vulnerabilities/CVE-2023-0215/59610", + "specs": [ + "<5.3.1" + ], + "v": "<5.3.1" } ], "biweeklybudget": [ @@ -11038,10 +11195,10 @@ "v": "<1.2.0" }, { - "advisory": "Bokeh 1.2.0 updates its NPM dependency 'jquery' to v3.4.0 to include security fixes.", - "cve": "CVE-2019-11358", - "id": "pyup.io-45293", - "more_info_path": "/vulnerabilities/CVE-2019-11358/45293", + "advisory": "Bokeh 1.2.0 updates its NPM dependency 'js-yaml' to v3.13.1 to include a security fix.", + "cve": "PVE-2022-45295", + "id": "pyup.io-45295", + "more_info_path": "/vulnerabilities/PVE-2022-45295/45295", "specs": [ "<1.2.0" ], @@ -11050,18 +11207,18 @@ { "advisory": "Bokeh 1.2.0 updates its NPM dependency 'jquery' to v3.4.0 to include security fixes.", "cve": "CVE-2019-11358", - "id": "pyup.io-45294", - "more_info_path": "/vulnerabilities/CVE-2019-11358/45294", + "id": "pyup.io-45293", + "more_info_path": "/vulnerabilities/CVE-2019-11358/45293", "specs": [ "<1.2.0" ], "v": "<1.2.0" }, { - "advisory": "Bokeh 1.2.0 updates its NPM dependency 'js-yaml' to v3.13.1 to include a security fix.", - "cve": "PVE-2022-45295", - "id": "pyup.io-45295", - "more_info_path": "/vulnerabilities/PVE-2022-45295/45295", + "advisory": "Bokeh 1.2.0 updates its NPM dependency 'jquery' to v3.4.0 to include security fixes.", + "cve": "CVE-2019-11358", + "id": "pyup.io-45294", + "more_info_path": "/vulnerabilities/CVE-2019-11358/45294", "specs": [ "<1.2.0" ], 
@@ -11069,9 +11226,9 @@ }, { "advisory": "Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.", - "cve": "CVE-2021-41182", - "id": "pyup.io-42772", - "more_info_path": "/vulnerabilities/CVE-2021-41182/42772", + "cve": "CVE-2021-41183", + "id": "pyup.io-42814", + "more_info_path": "/vulnerabilities/CVE-2021-41183/42814", "specs": [ "<2.4.2" ], @@ -11079,9 +11236,9 @@ }, { "advisory": "Bokeh 2.4.2 updates its dependency 'jquery-ui' to v1.13.0 to include security fixes.", - "cve": "CVE-2021-41183", - "id": "pyup.io-42814", - "more_info_path": "/vulnerabilities/CVE-2021-41183/42814", + "cve": "CVE-2021-41182", + "id": "pyup.io-42772", + "more_info_path": "/vulnerabilities/CVE-2021-41182/42772", "specs": [ "<2.4.2" ], @@ -11202,6 +11359,16 @@ "<1.4.5" ], "v": "<1.4.5" + }, + { + "advisory": "Boto3 1.6.12 updates its dependency 'botocore' to version '1.9.12' to include a fix for a Race Condition vulnerability.\r\nhttps://github.com/boto/boto3/commit/71331aad6060e51db42f0c43be4ed34857845647", + "cve": "PVE-2023-59547", + "id": "pyup.io-59549", + "more_info_path": "/vulnerabilities/PVE-2023-59547/59549", + "specs": [ + "<1.6.12" + ], + "v": "<1.6.12" } ], "boto33": [ @@ -11240,6 +11407,18 @@ "v": ">=0" } ], + "botocore": [ + { + "advisory": "Botocore 1.9.12 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/boto/botocore/pull/1405", + "cve": "PVE-2023-59547", + "id": "pyup.io-59547", + "more_info_path": "/vulnerabilities/PVE-2023-59547/59547", + "specs": [ + "<1.9.12" + ], + "v": "<1.9.12" + } + ], "botoo": [ { "advisory": "Botoo is a malicious package, pytosquatting the popular package 'boto3'. It contains a base64 encoded payload in '__init__.py' file that retrieves your current username, platform and IP information.", 
@@ -11571,9 +11750,9 @@ "bzt": [ { "advisory": "Bzt 1.16.2 updates its dependency 'jmeter' to v5.4.2 to include security fixes.\r\nhttps://github.com/Blazemeter/taurus/commit/f7fb13fed9ca4f871a3426c3c26fb3e86beb329a", - "cve": "CVE-2021-44228", - "id": "pyup.io-43430", - "more_info_path": "/vulnerabilities/CVE-2021-44228/43430", + "cve": "CVE-2021-45046", + "id": "pyup.io-43431", + "more_info_path": "/vulnerabilities/CVE-2021-45046/43431", "specs": [ "<1.16.2" ], @@ -11581,9 +11760,9 @@ }, { "advisory": "Bzt 1.16.2 updates its dependency 'jmeter' to v5.4.2 to include security fixes.\r\nhttps://github.com/Blazemeter/taurus/commit/f7fb13fed9ca4f871a3426c3c26fb3e86beb329a", - "cve": "CVE-2021-45046", - "id": "pyup.io-43431", - "more_info_path": "/vulnerabilities/CVE-2021-45046/43431", + "cve": "CVE-2021-44228", + "id": "pyup.io-43430", + "more_info_path": "/vulnerabilities/CVE-2021-44228/43430", "specs": [ "<1.16.2" ], @@ -11623,9 +11802,9 @@ }, { "advisory": "C2cwsgiutils 4.0.0 updates its dependency 'pipenv' to v2020.5.28 to include security fixes.", - "cve": "CVE-2019-11236", - "id": "pyup.io-53059", - "more_info_path": "/vulnerabilities/CVE-2019-11236/53059", + "cve": "CVE-2019-11324", + "id": "pyup.io-53060", + "more_info_path": "/vulnerabilities/CVE-2019-11324/53060", "specs": [ "<4.0.0" ], 
@@ -11633,29 +11812,29 @@ }, { "advisory": "C2cwsgiutils 4.0.0 updates its dependency 'pipenv' to v2020.5.28 to include security fixes.", - "cve": "CVE-2019-11324", - "id": "pyup.io-53060", - "more_info_path": "/vulnerabilities/CVE-2019-11324/53060", + "cve": "CVE-2019-11236", + "id": "pyup.io-53059", + "more_info_path": "/vulnerabilities/CVE-2019-11236/53059", "specs": [ "<4.0.0" ], "v": "<4.0.0" }, { - "advisory": "C2cwsgiutils 4.1.2 updates its dependency 'mako' to v1.2.2 to include a security fix.", - "cve": "CVE-2022-40023", - "id": "pyup.io-53014", - "more_info_path": "/vulnerabilities/CVE-2022-40023/53014", + "advisory": "C2cwsgiutils 4.1.2 updates its dependency 'lxml' to v4.6.3 to include a security fix.", + "cve": "CVE-2021-28957", + "id": "pyup.io-53061", + "more_info_path": "/vulnerabilities/CVE-2021-28957/53061", "specs": [ "<4.1.2" ], "v": "<4.1.2" }, { - "advisory": "C2cwsgiutils 4.1.2 updates its dependency 'lxml' to v4.6.3 to include a security fix.", - "cve": "CVE-2021-28957", - "id": "pyup.io-53061", - "more_info_path": "/vulnerabilities/CVE-2021-28957/53061", + "advisory": "C2cwsgiutils 4.1.2 updates its dependency 'mako' to v1.2.2 to include a security fix.", + "cve": "CVE-2022-40023", + "id": "pyup.io-53014", + "more_info_path": "/vulnerabilities/CVE-2022-40023/53014", "specs": [ "<4.1.2" ], @@ -12515,9 +12694,9 @@ "certbot-dns-duckdns": [ { "advisory": "Certbot-dns-duckdns 1.3 updates its dependency 'cryptography' to latest version in the docker image, to include security fixes.", - "cve": "CVE-2023-0401", - "id": "pyup.io-53624", - "more_info_path": "/vulnerabilities/CVE-2023-0401/53624", + "cve": "CVE-2023-0216", + "id": "pyup.io-53630", + "more_info_path": "/vulnerabilities/CVE-2023-0216/53630", "specs": [ "<1.3" ], 
@@ -12525,9 +12704,9 @@ }, { "advisory": "Certbot-dns-duckdns 1.3 updates its dependency 'cryptography' to latest version in the docker image, to include security fixes.", - "cve": "CVE-2023-0217", - "id": "pyup.io-53628", - "more_info_path": "/vulnerabilities/CVE-2023-0217/53628", + "cve": "CVE-2023-0215", + "id": "pyup.io-53629", + "more_info_path": "/vulnerabilities/CVE-2023-0215/53629", "specs": [ "<1.3" ], @@ -12535,9 +12714,9 @@ }, { "advisory": "Certbot-dns-duckdns 1.3 updates its dependency 'cryptography' to latest version in the docker image, to include security fixes.", - "cve": "CVE-2023-0215", - "id": "pyup.io-53629", - "more_info_path": "/vulnerabilities/CVE-2023-0215/53629", + "cve": "CVE-2023-0401", + "id": "pyup.io-53624", + "more_info_path": "/vulnerabilities/CVE-2023-0401/53624", "specs": [ "<1.3" ], @@ -12545,9 +12724,9 @@ }, { "advisory": "Certbot-dns-duckdns 1.3 updates its dependency 'cryptography' to latest version in the docker image, to include security fixes.", - "cve": "CVE-2023-0216", - "id": "pyup.io-53630", - "more_info_path": "/vulnerabilities/CVE-2023-0216/53630", + "cve": "CVE-2023-0217", + "id": "pyup.io-53628", + "more_info_path": "/vulnerabilities/CVE-2023-0217/53628", "specs": [ "<1.3" ], @@ -12557,9 +12736,9 @@ "certbot-dns-porkbun": [ { "advisory": "Certbot-dns-porkbun 0.8 updates 'cryptography' to v39.0.1 in Docker image to include security fixes.\r\nhttps://github.com/infinityofspace/certbot_dns_porkbun/commit/789959d75ef65b9e6e7fdf0651254bf18378b0a9", - "cve": "CVE-2023-0215", - "id": "pyup.io-53621", - "more_info_path": "/vulnerabilities/CVE-2023-0215/53621", + "cve": "CVE-2023-0217", + "id": "pyup.io-53620", + "more_info_path": "/vulnerabilities/CVE-2023-0217/53620", "specs": [ "<0.8" ], 
@@ -12567,9 +12746,9 @@ }, { "advisory": "Certbot-dns-porkbun 0.8 updates 'cryptography' to v39.0.1 in Docker image to include security fixes.\r\nhttps://github.com/infinityofspace/certbot_dns_porkbun/commit/789959d75ef65b9e6e7fdf0651254bf18378b0a9", - "cve": "CVE-2023-0217", - "id": "pyup.io-53620", - "more_info_path": "/vulnerabilities/CVE-2023-0217/53620", + "cve": "CVE-2023-0215", + "id": "pyup.io-53621", + "more_info_path": "/vulnerabilities/CVE-2023-0215/53621", "specs": [ "<0.8" ], @@ -12640,6 +12819,16 @@ "<2022.12.07" ], "v": "<2022.12.07" + }, + { + "advisory": "Certifi 2023.07.22 includes a fix for a vulnerability. Prior to version 2023.07.22 recognizes \"e-Tugra\" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from \"e-Tugra\" from the root store.\r\nhttps://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909\r\nhttps://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7", + "cve": "CVE-2023-37920", + "id": "pyup.io-59956", + "more_info_path": "/vulnerabilities/CVE-2023-37920/59956", + "specs": [ + ">=2015.04.28,<2023.07.22" + ], + "v": ">=2015.04.28,<2023.07.22" } ], "certifie": [ 
@@ -12828,6 +13017,18 @@ "v": "<0.4.1" } ], + "changedetection-io": [ + { + "advisory": "Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the \"Add a new change detection watch\" function.\r\n\r\nAlias(es):\r\nGHSA-68wj-c2jw-5pp9\r\nPYSEC-2023-10", + "cve": "CVE-2023-24769", + "id": "pyup.io-59565", + "more_info_path": "/vulnerabilities/CVE-2023-24769/59565", + "specs": [ + "<0.40.1.1" + ], + "v": "<0.40.1.1" + } + ], "chanjo-report": [ { "advisory": "Chanjo-report 2.4.0 removes a link to the \"index\" page from the report (security).", @@ -13522,6 +13723,16 @@ ], "v": "<2.4.0" }, + { + "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", + "cve": "CVE-2021-37689", + "id": "pyup.io-44381", + "more_info_path": "/vulnerabilities/CVE-2021-37689/44381", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, { "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", "cve": "CVE-2021-29562", @@ -14124,9 +14335,9 @@ }, { "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2021-37689", - "id": "pyup.io-44381", - "more_info_path": "/vulnerabilities/CVE-2021-37689/44381", + "cve": "CVE-2021-37669", + "id": "pyup.io-44361", + "more_info_path": "/vulnerabilities/CVE-2021-37669/44361", "specs": [ "<2.4.0" ], 
@@ -14182,6 +14393,196 @@ ], "v": "<2.4.0" }, + { + "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", + "cve": "CVE-2021-37664", + "id": "pyup.io-44356", + "more_info_path": "/vulnerabilities/CVE-2021-37664/44356", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, + { + "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", + "cve": "CVE-2021-37682", + "id": "pyup.io-44374", + "more_info_path": "/vulnerabilities/CVE-2021-37682/44374", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, + { + "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", + "cve": "CVE-2020-15208", + "id": "pyup.io-44194", + "more_info_path": "/vulnerabilities/CVE-2020-15208/44194", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, + { + "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", + "cve": "CVE-2021-29548", + "id": "pyup.io-44253", + "more_info_path": "/vulnerabilities/CVE-2021-29548/44253", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, + { + "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", + "cve": "CVE-2020-15190", + "id": "pyup.io-44176", + "more_info_path": "/vulnerabilities/CVE-2020-15190/44176", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, + { + "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", + "cve": "CVE-2020-15191", + "id": "pyup.io-44177", + "more_info_path": "/vulnerabilities/CVE-2020-15191/44177", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, + { + "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", + "cve": "CVE-2020-15194", + "id": "pyup.io-44180", + "more_info_path": "/vulnerabilities/CVE-2020-15194/44180", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, + { + "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", + "cve": "CVE-2020-15203", + "id": "pyup.io-44189", + "more_info_path": 
"/vulnerabilities/CVE-2020-15203/44189", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, + { + "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", + "cve": "CVE-2020-15206", + "id": "pyup.io-44192", + "more_info_path": "/vulnerabilities/CVE-2020-15206/44192", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, + { + "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", + "cve": "CVE-2020-15266", + "id": "pyup.io-44202", + "more_info_path": "/vulnerabilities/CVE-2020-15266/44202", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, + { + "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", + "cve": "CVE-2021-29516", + "id": "pyup.io-44221", + "more_info_path": "/vulnerabilities/CVE-2021-29516/44221", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, + { + "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", + "cve": "CVE-2021-29519", + "id": "pyup.io-44224", + "more_info_path": "/vulnerabilities/CVE-2021-29519/44224", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, + { + "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", + "cve": "CVE-2021-29524", + "id": "pyup.io-44229", + "more_info_path": "/vulnerabilities/CVE-2021-29524/44229", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, + { + "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", + "cve": "CVE-2021-29530", + "id": "pyup.io-44235", + "more_info_path": "/vulnerabilities/CVE-2021-29530/44235", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, + { + "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", + "cve": "CVE-2021-29533", + "id": "pyup.io-44238", + "more_info_path": "/vulnerabilities/CVE-2021-29533/44238", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, + { + "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", + "cve": "CVE-2021-29535", + "id": "pyup.io-44240", + 
"more_info_path": "/vulnerabilities/CVE-2021-29535/44240", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, + { + "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", + "cve": "CVE-2021-29537", + "id": "pyup.io-44242", + "more_info_path": "/vulnerabilities/CVE-2021-29537/44242", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, + { + "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", + "cve": "CVE-2021-29539", + "id": "pyup.io-44244", + "more_info_path": "/vulnerabilities/CVE-2021-29539/44244", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, + { + "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", + "cve": "CVE-2021-29549", + "id": "pyup.io-44254", + "more_info_path": "/vulnerabilities/CVE-2021-29549/44254", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, { "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", "cve": "CVE-2021-37638", 
@@ -15132,206 +15533,6 @@ ], "v": "<2.4.0" }, - { - "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2021-37669", - "id": "pyup.io-44361", - "more_info_path": "/vulnerabilities/CVE-2021-37669/44361", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, - { - "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2021-37664", - "id": "pyup.io-44356", - "more_info_path": "/vulnerabilities/CVE-2021-37664/44356", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, - { - "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2021-37682", - "id": "pyup.io-44374", - "more_info_path": "/vulnerabilities/CVE-2021-37682/44374", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, - { - "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2020-15208", - "id": "pyup.io-44194", - "more_info_path": "/vulnerabilities/CVE-2020-15208/44194", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, - { - "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2021-29548", - "id": "pyup.io-44253", - "more_info_path": "/vulnerabilities/CVE-2021-29548/44253", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, - { - "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2020-15190", - "id": "pyup.io-44176", - "more_info_path": "/vulnerabilities/CVE-2020-15190/44176", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, - { - "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2020-15191", - "id": "pyup.io-44177", - "more_info_path": "/vulnerabilities/CVE-2020-15191/44177", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, - { - "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2020-15194", - "id": "pyup.io-44180", - "more_info_path": 
"/vulnerabilities/CVE-2020-15194/44180", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, - { - "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2020-15203", - "id": "pyup.io-44189", - "more_info_path": "/vulnerabilities/CVE-2020-15203/44189", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, - { - "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2020-15206", - "id": "pyup.io-44192", - "more_info_path": "/vulnerabilities/CVE-2020-15206/44192", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, - { - "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2020-15266", - "id": "pyup.io-44202", - "more_info_path": "/vulnerabilities/CVE-2020-15266/44202", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, - { - "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2021-29516", - "id": "pyup.io-44221", - "more_info_path": "/vulnerabilities/CVE-2021-29516/44221", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, - { - "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2021-29519", - "id": "pyup.io-44224", - "more_info_path": "/vulnerabilities/CVE-2021-29519/44224", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, - { - "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2021-29524", - "id": "pyup.io-44229", - "more_info_path": "/vulnerabilities/CVE-2021-29524/44229", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, - { - "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2021-29530", - "id": "pyup.io-44235", - "more_info_path": "/vulnerabilities/CVE-2021-29530/44235", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, - { - "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2021-29533", - "id": "pyup.io-44238", - 
"more_info_path": "/vulnerabilities/CVE-2021-29533/44238", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, - { - "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2021-29535", - "id": "pyup.io-44240", - "more_info_path": "/vulnerabilities/CVE-2021-29535/44240", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, - { - "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2021-29537", - "id": "pyup.io-44242", - "more_info_path": "/vulnerabilities/CVE-2021-29537/44242", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, - { - "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2021-29539", - "id": "pyup.io-44244", - "more_info_path": "/vulnerabilities/CVE-2021-29539/44244", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, - { - "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", - "cve": "CVE-2021-29549", - "id": "pyup.io-44254", - "more_info_path": "/vulnerabilities/CVE-2021-29549/44254", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, { "advisory": "Chia 2.4.0 updates Tensorflow to v2.4.3 to include security fixes.", "cve": "CVE-2021-37674", @@ -15752,16 +15953,6 @@ ], "v": "<=2.5.0" }, - { - "advisory": "Chia versions 2.5.0 and prior require as minimum dependency TensorFlow v2.6.0 or lower, that have several known vulnerabilities.", - "cve": "CVE-2022-23563", - "id": "pyup.io-46853", - "more_info_path": "/vulnerabilities/CVE-2022-23563/46853", - "specs": [ - "<=2.5.0" - ], - "v": "<=2.5.0" - }, { "advisory": "Chia versions 2.5.0 and prior require as minimum dependency TensorFlow v2.6.0 or lower, that have several known vulnerabilities.", "cve": "CVE-2022-23564", 
@@ -15912,16 +16103,6 @@ ], "v": "<=2.5.0" }, - { - "advisory": "Chia versions 2.5.0 and prior require as minimum dependency TensorFlow v2.6.0 or lower, that have several known vulnerabilities.", - "cve": "CVE-2022-23580", - "id": "pyup.io-46870", - "more_info_path": "/vulnerabilities/CVE-2022-23580/46870", - "specs": [ - "<=2.5.0" - ], - "v": "<=2.5.0" - }, { "advisory": "Chia versions 2.5.0 and prior require as minimum dependency TensorFlow v2.6.0 or lower, that have several known vulnerabilities.", "cve": "CVE-2022-23581", @@ -15942,16 +16123,6 @@ ], "v": "<=2.5.0" }, - { - "advisory": "Chia versions 2.5.0 and prior require as minimum dependency TensorFlow v2.6.0 or lower, that have several known vulnerabilities.", - "cve": "CVE-2022-23583", - "id": "pyup.io-46873", - "more_info_path": "/vulnerabilities/CVE-2022-23583/46873", - "specs": [ - "<=2.5.0" - ], - "v": "<=2.5.0" - }, { "advisory": "Chia versions 2.5.0 and prior require as minimum dependency TensorFlow v2.6.0 or lower, that have several known vulnerabilities.", "cve": "CVE-2022-23584", 
@@ -16271,6 +16442,36 @@ "<=2.5.0" ], "v": "<=2.5.0" + }, + { + "advisory": "Chia versions 2.5.0 and prior require as minimum dependency TensorFlow v2.6.0 or lower, that have several known vulnerabilities.", + "cve": "CVE-2022-23563", + "id": "pyup.io-46853", + "more_info_path": "/vulnerabilities/CVE-2022-23563/46853", + "specs": [ + "<=2.5.0" + ], + "v": "<=2.5.0" + }, + { + "advisory": "Chia versions 2.5.0 and prior require as minimum dependency TensorFlow v2.6.0 or lower, that have several known vulnerabilities.", + "cve": "CVE-2022-23583", + "id": "pyup.io-46873", + "more_info_path": "/vulnerabilities/CVE-2022-23583/46873", + "specs": [ + "<=2.5.0" + ], + "v": "<=2.5.0" + }, + { + "advisory": "Chia versions 2.5.0 and prior require as minimum dependency TensorFlow v2.6.0 or lower, that have several known vulnerabilities.", + "cve": "CVE-2022-23580", + "id": "pyup.io-46870", + "more_info_path": "/vulnerabilities/CVE-2022-23580/46870", + "specs": [ + "<=2.5.0" + ], + "v": "<=2.5.0" } ], "chia-blockchain": [ @@ -16295,7 +16496,7 @@ "v": "<1.0b27" }, { - "advisory": "Chia-blockchain 1.0b27 updates its dependency 'pyyaml' to v5.4.1 to include a security fix.", + "advisory": "Chia-blockchain 1.0b27 updates its dependency 'pyyaml' to v5.4.1 to include a security fix.\r\nhttps://github.com/Chia-Network/chia-blockchain/commit/c3eae20b877a85eface0d4043abb5777fad3acf4", "cve": "CVE-2020-14343", "id": "pyup.io-42367", "more_info_path": "/vulnerabilities/CVE-2020-14343/42367", 
@@ -16335,7 +16536,7 @@ "v": "<1.0beta8" }, { - "advisory": "Chia-blockchain 1.0rc5 updates the 'aiohttp' dependency to 3.7.4 to address a low severity security issue.", + "advisory": "Chia-blockchain 1.0rc5 updates the 'aiohttp' dependency to 3.7.4 to address a low severity security issue.\r\nhttps://github.com/Chia-Network/chia-blockchain/commit/f0a598b1a592ce4d7a8981b1b372e75452d8ea11\r\nhttps://github.com/advisories/GHSA-v6wp-4m6f-gcjg", "cve": "CVE-2021-21330", "id": "pyup.io-39672", "more_info_path": "/vulnerabilities/CVE-2021-21330/39672", 
@@ -16355,15 +16556,35 @@ "v": "<1.0rc6" }, { - "advisory": "Chia-blockchain 1.3.3 includes a fix for OpenSSL vulnerability CVE-2022-0778.", + "advisory": "Chia-blockchain 1.3.2 includes a fix for a Denial of Service vulnerability on OpenSSL. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters.\r\nhttps://github.com/Chia-Network/chia-blockchain/pull/10988\r\nhttps://github.com/Chia-Network/chia-blockchain/pull/10991", "cve": "CVE-2022-0778", - "id": "pyup.io-48197", - "more_info_path": "/vulnerabilities/CVE-2022-0778/48197", + "id": "pyup.io-59381", + "more_info_path": "/vulnerabilities/CVE-2022-0778/59381", + "specs": [ + "<1.3.2" + ], + "v": "<1.3.2" + }, + { + "advisory": "Chia-blockchain 1.3.3 includes a fix for the OpenSSL vulnerability for the Windows installer.\r\nhttps://github.com/Chia-Network/chia-blockchain/pull/11011", + "cve": "CVE-2022-0778", + "id": "pyup.io-59380", + "more_info_path": "/vulnerabilities/CVE-2022-0778/59380", "specs": [ "<1.3.3" ], "v": "<1.3.3" }, + { + "advisory": "Chia-blockchain 1.4.0 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/Chia-Network/chia-blockchain/pull/11324", + "cve": "PVE-2023-59663", + "id": "pyup.io-59663", + "more_info_path": "/vulnerabilities/PVE-2023-59663/59663", + "specs": [ + "<1.4.0" + ], + "v": "<1.4.0" + }, { "advisory": "Chia-blockchain 1.5.0 includes a fix for CVE-2022-36447: Tokens previously minted on the Chia blockchain using the 'CAT1' standard can be inflated in arbitrary amounts by any holder of the token. 
Total amount of the token can be increased as high as the malicious actor pleases. This is true for every 'CAT1' on the Chia blockchain, regardless of issuance rules. This attack is auditable on-chain, so maliciously altered coins can potentially be \"marked\" by off-chain observers as malicious.", "cve": "CVE-2022-36447", @@ -16375,6 +16596,18 @@ "v": "<1.5.0" } ], + "chiapos": [ + { + "advisory": "Chiapos 1.0.12b3 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/Chia-Network/chiapos/pull/349", + "cve": "PVE-2023-59535", + "id": "pyup.io-59535", + "more_info_path": "/vulnerabilities/PVE-2023-59535/59535", + "specs": [ + "<1.0.12b3" + ], + "v": "<1.0.12b3" + } + ], "chiavdf": [ { "advisory": "Chiavdf 1.0 includes a fix to prevent potential grinding attacks.\r\nhttps://github.com/Chia-Network/chiavdf/commit/2f2dc55b8c11597d0674a1f347bfbefd0efcafa3", 
@@ -16493,16 +16726,6 @@ ], "v": "<7.0.2,>=8.0.0,<8.1.1" }, - { - "advisory": "Cinder 22.0.1 includes a fix for CVE-2023-2088: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.\r\nhttps://opendev.org/openstack/cinder/commit/68fdc323369943f494541a3510e71290b091359f", - "cve": "CVE-2023-2088", - "id": "pyup.io-58700", - "more_info_path": "/vulnerabilities/CVE-2023-2088/58700", - "specs": [ - "<=22.0.0" - ], - "v": "<=22.0.0" - }, { "advisory": "The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability.", "cve": "CVE-2013-1068", 
@@ -16522,6 +16745,18 @@ ">=2010,<2014.1.3" ], "v": ">=2010,<2014.1.3" + }, + { + "advisory": "Cinder 22.1.0, 21.3.0 and 20.3.0 include a fix for CVE-2023-2088: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.\r\nhttps://opendev.org/openstack/cinder/commit/68fdc323369943f494541a3510e71290b091359f\r\nhttps://bugs.launchpad.net/nova/+bug/2004555", + "cve": "CVE-2023-2088", + "id": "pyup.io-58700", + "more_info_path": "/vulnerabilities/CVE-2023-2088/58700", + "specs": [ + ">=22.0.0.0rc1,<22.1.0", + ">=21.0.0.0rc2,<21.3.0", + "<20.3.0" + ], + "v": ">=22.0.0.0rc1,<22.1.0,>=21.0.0.0rc2,<21.3.0,<20.3.0" } ], "cipher-googlepam": [ @@ -16594,6 +16829,18 @@ "v": "<1.2.7" } ], + "citrine": [ + { + "advisory": "Citrine 0.115.0 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/CitrineInformatics/citrine-python/pull/571", + "cve": "PVE-2023-59618", + "id": "pyup.io-59618", + "more_info_path": "/vulnerabilities/PVE-2023-59618/59618", + "specs": [ + "<0.115.0" + ], + "v": "<0.115.0" + } + ], "ck": [ { "advisory": "Ck 1.7.1 fixes a server vulnerability (action with ; can run various CMD commands).\r\nhttps://github.com/mlcommons/ck/commit/ac16bf54a03c1d13832f9bbef9c3cf1039583f28", 
@@ -16806,7 +17053,7 @@ ], "cleo": [ { - "advisory": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method.", + "advisory": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI package, when an attacker is able to supply arbitrary input to the Table.set_rows method\r\nhttps://github.com/python-poetry/cleo/pull/285", "cve": "CVE-2022-42966", "id": "pyup.io-54559", "more_info_path": "/vulnerabilities/CVE-2022-42966/54559", @@ -17284,6 +17531,16 @@ } ], "codechecker": [ + { + "advisory": "Codechecker 6.18.2 includes a fix for a XSS vulnerability. To solve this problem the server will always return the escaped version of these values which can be safely rendered on the UI.\r\nhttps://github.com/Ericsson/codechecker/pull/3549", + "cve": "PVE-2023-59888", + "id": "pyup.io-59888", + "more_info_path": "/vulnerabilities/PVE-2023-59888/59888", + "specs": [ + "<6.18.2" + ], + "v": "<6.18.2" + }, { "advisory": "In Ericsson CodeChecker prior to 6.18.2, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API.", "cve": "CVE-2021-44217", 
@@ -17387,17 +17644,49 @@ "v": "<=1.6" } ], - "collective-contact-core": [ + "coldsweat": [ { - "advisory": "Collective.contact.core 1.10 fixes a security issue related to AddContact. The vulnerability was found in its dependency Plone CMS. See CVE-2016-7138.\r\nhttps://github.com/collective/collective.contact.core/pull/25", - "cve": "CVE-2016-7138", - "id": "pyup.io-25657", - "more_info_path": "/vulnerabilities/CVE-2016-7138/25657", + "advisory": "Coldsweat 0.10.0 updates its dependency 'requests' to version '2.20.1' to include a security fix.\r\nhttps://github.com/passiomatic/coldsweat/commit/646edf0ef75cf62c7ba009a7ce62b4b8ffae26c3", + "cve": "CVE-2014-1829", + "id": "pyup.io-59446", + "more_info_path": "/vulnerabilities/CVE-2014-1829/59446", "specs": [ - "<1.10" + "<0.10.0" ], - "v": "<1.10" + "v": "<0.10.0" }, + { + "advisory": "Coldsweat 0.10.0 updates its dependency 'requests' to version '2.20.1' to include a security fix.\r\nhttps://github.com/passiomatic/coldsweat/commit/646edf0ef75cf62c7ba009a7ce62b4b8ffae26c3", + "cve": "CVE-2014-1830", + "id": "pyup.io-59447", + "more_info_path": "/vulnerabilities/CVE-2014-1830/59447", + "specs": [ + "<0.10.0" + ], + "v": "<0.10.0" + }, + { + "advisory": "Coldsweat 0.10.0 updates its dependency 'requests' to version '2.20.1' to include a security fix.\r\nhttps://github.com/passiomatic/coldsweat/commit/646edf0ef75cf62c7ba009a7ce62b4b8ffae26c3", + "cve": "CVE-2015-2296", + "id": "pyup.io-59448", + "more_info_path": "/vulnerabilities/CVE-2015-2296/59448", + "specs": [ + "<0.10.0" + ], + "v": "<0.10.0" + }, + { + "advisory": "Coldsweat 0.10.0 updates its dependency 'requests' to version '2.20.1' to include a security fix.\r\nhttps://github.com/passiomatic/coldsweat/commit/646edf0ef75cf62c7ba009a7ce62b4b8ffae26c3", + "cve": "CVE-2018-18074", + "id": "pyup.io-59432", + "more_info_path": "/vulnerabilities/CVE-2018-18074/59432", + "specs": [ + "<0.10.0" + ], + "v": "<0.10.0" + } + ], + "collective-contact-core": [ { "advisory": 
"collective-contact-core before 1.10", "cve": "PVE-2021-36089", @@ -17407,6 +17696,16 @@ "<1.10" ], "v": "<1.10" + }, + { + "advisory": "Collective.contact.core 1.10 fixes a security issue related to AddContact. The vulnerability was found in its dependency Plone CMS. See CVE-2016-7138.\r\nhttps://github.com/collective/collective.contact.core/pull/25", + "cve": "CVE-2016-7138", + "id": "pyup.io-25657", + "more_info_path": "/vulnerabilities/CVE-2016-7138/25657", + "specs": [ + "<1.10" + ], + "v": "<1.10" } ], "collective-contact-widget": [ @@ -17692,16 +17991,6 @@ } ], "composer": [ - { - "advisory": "Composer 0.13.0 updates its dependency 'ipython' to v8.11.0 in Dockerfile to include a security fix.\r\nhttps://github.com/mosaicml/composer/pull/2007", - "cve": "CVE-2023-24816", - "id": "pyup.io-53697", - "more_info_path": "/vulnerabilities/CVE-2023-24816/53697", - "specs": [ - "<0.13.0" - ], - "v": "<0.13.0" - }, { "advisory": "Composer 0.13.0 updates its dependency 'certifi' requirement to '>=2022.12.7' in Dockerfile to include a security fix.\r\nhttps://github.com/mosaicml/composer/pull/2007", "cve": "CVE-2022-23491", 
@@ -17722,6 +18011,26 @@ ], "v": "<0.13.0" }, + { + "advisory": "Composer 0.13.0 updates its dependency 'pillow' to v9.0.0 in Dockerfile to include security fixes.\r\nhttps://github.com/mosaicml/composer/pull/2007", + "cve": "CVE-2021-34552", + "id": "pyup.io-53694", + "more_info_path": "/vulnerabilities/CVE-2021-34552/53694", + "specs": [ + "<0.13.0" + ], + "v": "<0.13.0" + }, + { + "advisory": "Composer 0.13.0 updates its dependency 'ipython' to v8.11.0 in Dockerfile to include a security fix.\r\nhttps://github.com/mosaicml/composer/pull/2007", + "cve": "CVE-2023-24816", + "id": "pyup.io-53697", + "more_info_path": "/vulnerabilities/CVE-2023-24816/53697", + "specs": [ + "<0.13.0" + ], + "v": "<0.13.0" + }, { "advisory": "Composer 0.13.0 updates its dependency 'pillow' to v9.0.0 in Dockerfile to include security fixes.\r\nhttps://github.com/mosaicml/composer/pull/2007", "cve": "PVE-2021-44525", @@ -17761,16 +18070,6 @@ "<0.13.0" ], "v": "<0.13.0" - }, - { - "advisory": "Composer 0.13.0 updates its dependency 'pillow' to v9.0.0 in Dockerfile to include security fixes.\r\nhttps://github.com/mosaicml/composer/pull/2007", - "cve": "CVE-2021-34552", - "id": "pyup.io-53694", - "more_info_path": "/vulnerabilities/CVE-2021-34552/53694", - "specs": [ - "<0.13.0" - ], - "v": "<0.13.0" } ], "conan": [ 
@@ -17880,6 +18179,26 @@ ], "v": "<5.0.0" }, + { + "advisory": "In confidant 5.0.0 updates its dependency 'gunicorn' to a version >=19.9.0 to include security fixes.", + "cve": "PVE-2021-40103", + "id": "pyup.io-45038", + "more_info_path": "/vulnerabilities/PVE-2021-40103/45038", + "specs": [ + "<5.0.0" + ], + "v": "<5.0.0" + }, + { + "advisory": "In confidant 5.0.0 updates its dependency 'flask' to v1.1.1 to include security fixes.", + "cve": "CVE-2018-1000656", + "id": "pyup.io-45034", + "more_info_path": "/vulnerabilities/CVE-2018-1000656/45034", + "specs": [ + "<5.0.0" + ], + "v": "<5.0.0" + }, { "advisory": "In confidant 5.0.0 updates its dependency 'python3-saml' to v1.8.0 to include a security fix.", "cve": "PVE-2021-39454", @@ -17970,26 +18289,6 @@ ], "v": "<5.0.0" }, - { - "advisory": "In confidant 5.0.0 updates its dependency 'gunicorn' to a version >=19.9.0 to include security fixes.", - "cve": "PVE-2021-40103", - "id": "pyup.io-45038", - "more_info_path": "/vulnerabilities/PVE-2021-40103/45038", - "specs": [ - "<5.0.0" - ], - "v": "<5.0.0" - }, - { - "advisory": "In confidant 5.0.0 updates its dependency 'flask' to v1.1.1 to include security fixes.", - "cve": "CVE-2018-1000656", - "id": "pyup.io-45034", - "more_info_path": "/vulnerabilities/CVE-2018-1000656/45034", - "specs": [ - "<5.0.0" - ], - "v": "<5.0.0" - }, { "advisory": "Confidant 6.3.0 adds support for keeping track of when credentials should be rotated. It therefore adds three new fields to the Credential model, two of which improve the security (`last_decrypted_date` and `last_rotation_date`). The former explicitly stores when someone viewed a credential. Certain credentials can potentially be highly vulnerable and could benefit from being rotated the moment the credential pair is viewed. The latter stores when a credential was last rotated. Some credentials might need to periodically be rotated for security purposes.", "cve": "PVE-2021-38560", 
@@ -18059,20 +18358,20 @@ "v": "<1.3.0" }, { - "advisory": "Confluent-kafka 1.4.0 fixes a security issue in the SASL SCRAM protocol handler the client nonce, which is expected to be a random string, was a static string.", - "cve": "PVE-2021-38165", - "id": "pyup.io-38165", - "more_info_path": "/vulnerabilities/PVE-2021-38165/38165", + "advisory": "Confluent-kafka 1.4.0 fixes a security issue in the SASL SCRAM protocol handler: If 'sasl.username' and 'sasl.password' contained characters that needed escaping, a buffer overflow and heap corruption would occur. This was protected, but too late, by an assertion.", + "cve": "PVE-2022-48601", + "id": "pyup.io-48601", + "more_info_path": "/vulnerabilities/PVE-2022-48601/48601", "specs": [ "<1.4.0" ], "v": "<1.4.0" }, { - "advisory": "Confluent-kafka 1.4.0 fixes a security issue in the SASL SCRAM protocol handler: If 'sasl.username' and 'sasl.password' contained characters that needed escaping, a buffer overflow and heap corruption would occur. This was protected, but too late, by an assertion.", - "cve": "PVE-2022-48601", - "id": "pyup.io-48601", - "more_info_path": "/vulnerabilities/PVE-2022-48601/48601", + "advisory": "Confluent-kafka 1.4.0 fixes a security issue in the SASL SCRAM protocol handler the client nonce, which is expected to be a random string, was a static string.", + "cve": "PVE-2021-38165", + "id": "pyup.io-38165", + "more_info_path": "/vulnerabilities/PVE-2021-38165/38165", "specs": [ "<1.4.0" ], @@ -18106,9 +18405,9 @@ "connect-sdk-python2": [ { "advisory": "Connect-sdk-python2 3.33.0 updates the minimum 'requests' version from 2.20.0 to 2.25.0, as earlier versions depend on a vulnerable 'urllib3' version.", - "cve": "CVE-2019-11324", - "id": "pyup.io-51385", - "more_info_path": "/vulnerabilities/CVE-2019-11324/51385", + "cve": "CVE-2019-11236", + "id": "pyup.io-51384", + "more_info_path": "/vulnerabilities/CVE-2019-11236/51384", "specs": [ "<3.33.0" ], 
@@ -18116,9 +18415,9 @@ }, { "advisory": "Connect-sdk-python2 3.33.0 updates the minimum 'requests' version from 2.20.0 to 2.25.0, as earlier versions depend on a vulnerable 'urllib3' version.", - "cve": "CVE-2018-20060", - "id": "pyup.io-51359", - "more_info_path": "/vulnerabilities/CVE-2018-20060/51359", + "cve": "CVE-2021-33503", + "id": "pyup.io-51387", + "more_info_path": "/vulnerabilities/CVE-2021-33503/51387", "specs": [ "<3.33.0" ], @@ -18126,9 +18425,9 @@ }, { "advisory": "Connect-sdk-python2 3.33.0 updates the minimum 'requests' version from 2.20.0 to 2.25.0, as earlier versions depend on a vulnerable 'urllib3' version.", - "cve": "CVE-2020-26137", - "id": "pyup.io-51386", - "more_info_path": "/vulnerabilities/CVE-2020-26137/51386", + "cve": "CVE-2018-20060", + "id": "pyup.io-51359", + "more_info_path": "/vulnerabilities/CVE-2018-20060/51359", "specs": [ "<3.33.0" ], @@ -18136,9 +18435,9 @@ }, { "advisory": "Connect-sdk-python2 3.33.0 updates the minimum 'requests' version from 2.20.0 to 2.25.0, as earlier versions depend on a vulnerable 'urllib3' version.", - "cve": "CVE-2019-11236", - "id": "pyup.io-51384", - "more_info_path": "/vulnerabilities/CVE-2019-11236/51384", + "cve": "CVE-2019-11324", + "id": "pyup.io-51385", + "more_info_path": "/vulnerabilities/CVE-2019-11324/51385", "specs": [ "<3.33.0" ], @@ -18146,9 +18445,9 @@ }, { "advisory": "Connect-sdk-python2 3.33.0 updates the minimum 'requests' version from 2.20.0 to 2.25.0, as earlier versions depend on a vulnerable 'urllib3' version.", - "cve": "CVE-2021-33503", - "id": "pyup.io-51387", - "more_info_path": "/vulnerabilities/CVE-2021-33503/51387", + "cve": "CVE-2020-26137", + "id": "pyup.io-51386", + "more_info_path": "/vulnerabilities/CVE-2020-26137/51386", "specs": [ "<3.33.0" ], 
@@ -18158,9 +18457,9 @@ "connect-sdk-python3": [ { "advisory": "Connect-sdk-python3 3.33.0 updates the minimum 'requests' version from 2.20.0 to 2.25.0, as earlier versions depend on a vulnerable 'urllib3' version.", - "cve": "CVE-2019-11324", - "id": "pyup.io-51381", - "more_info_path": "/vulnerabilities/CVE-2019-11324/51381", + "cve": "CVE-2019-11236", + "id": "pyup.io-51382", + "more_info_path": "/vulnerabilities/CVE-2019-11236/51382", "specs": [ "<3.33.0" ], @@ -18168,9 +18467,9 @@ }, { "advisory": "Connect-sdk-python3 3.33.0 updates the minimum 'requests' version from 2.20.0 to 2.25.0, as earlier versions depend on a vulnerable 'urllib3' version.", - "cve": "CVE-2018-20060", - "id": "pyup.io-51383", - "more_info_path": "/vulnerabilities/CVE-2018-20060/51383", + "cve": "CVE-2021-33503", + "id": "pyup.io-51360", + "more_info_path": "/vulnerabilities/CVE-2021-33503/51360", "specs": [ "<3.33.0" ], @@ -18178,9 +18477,9 @@ }, { "advisory": "Connect-sdk-python3 3.33.0 updates the minimum 'requests' version from 2.20.0 to 2.25.0, as earlier versions depend on a vulnerable 'urllib3' version.", - "cve": "CVE-2019-11236", - "id": "pyup.io-51382", - "more_info_path": "/vulnerabilities/CVE-2019-11236/51382", + "cve": "CVE-2020-26137", + "id": "pyup.io-51380", + "more_info_path": "/vulnerabilities/CVE-2020-26137/51380", "specs": [ "<3.33.0" ], @@ -18188,9 +18487,9 @@ }, { "advisory": "Connect-sdk-python3 3.33.0 updates the minimum 'requests' version from 2.20.0 to 2.25.0, as earlier versions depend on a vulnerable 'urllib3' version.", - "cve": "CVE-2020-26137", - "id": "pyup.io-51380", - "more_info_path": "/vulnerabilities/CVE-2020-26137/51380", + "cve": "CVE-2018-20060", + "id": "pyup.io-51383", + "more_info_path": "/vulnerabilities/CVE-2018-20060/51383", "specs": [ "<3.33.0" ], 
@@ -18198,9 +18497,9 @@ }, { "advisory": "Connect-sdk-python3 3.33.0 updates the minimum 'requests' version from 2.20.0 to 2.25.0, as earlier versions depend on a vulnerable 'urllib3' version.", - "cve": "CVE-2021-33503", - "id": "pyup.io-51360", - "more_info_path": "/vulnerabilities/CVE-2021-33503/51360", + "cve": "CVE-2019-11324", + "id": "pyup.io-51381", + "more_info_path": "/vulnerabilities/CVE-2019-11324/51381", "specs": [ "<3.33.0" ], @@ -18364,6 +18663,16 @@ } ], "copyparty": [ + { + "advisory": "Copyparty 0.11.31 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/9001/copyparty/commit/a5120d4f6fe4afe91eb0e091063de6b9ba9e81e1", + "cve": "PVE-2023-59586", + "id": "pyup.io-59586", + "more_info_path": "/vulnerabilities/PVE-2023-59586/59586", + "specs": [ + "<0.11.31" + ], + "v": "<0.11.31" + }, { "advisory": "Copyparty 0.12.3 fixes a bug where malicious POSTs through an nginx reverse-proxy could put the connection in a bad state, causing the next legit request to fail with bad headers.", "cve": "PVE-2023-53478", 
@@ -18375,24 +18684,34 @@ "v": "<0.12.3" }, { - "advisory": "The maintainers of Copyparty report that they \"hopefully\" have fixed a bug in version 0.12.3 where malicious POSTs through an nginx reverse-proxy could put the connection in a bad state, causing the next legit request to fail with bad headers", - "cve": "PVE-2021-41050", - "id": "pyup.io-41050", - "more_info_path": "/vulnerabilities/PVE-2021-41050/41050", + "advisory": "Copyparty 1.0.10 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/9001/copyparty/commit/8399e95bda9a43c3c68c55c948bd4696a9374c27", + "cve": "PVE-2023-59584", + "id": "pyup.io-59584", + "more_info_path": "/vulnerabilities/PVE-2023-59584/59584", "specs": [ - "<0.12.3" + "<1.0.10" ], - "v": "<0.12.3" + "v": "<1.0.10" }, { - "advisory": "Copyparty 1.2.8 fixes a theoretical XSS vulnerability. It echoed bad requests as HTML.", - "cve": "PVE-2022-48397", - "id": "pyup.io-48397", - "more_info_path": "/vulnerabilities/PVE-2022-48397/48397", + "advisory": "Copyparty 1.0.8 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/9001/copyparty/commit/bd5cfc2f1b90c278157fd5593735703763dbaf05", + "cve": "PVE-2023-59585", + "id": "pyup.io-59585", + "more_info_path": "/vulnerabilities/PVE-2023-59585/59585", "specs": [ - "<1.2.8" + "<1.0.8" ], - "v": "<1.2.8" + "v": "<1.0.8" + }, + { + "advisory": "Copyparty 1.2.11 includes a fix for a Denial of Service vulnerability.\r\nhttps://github.com/9001/copyparty/issues/9", + "cve": "PVE-2023-59370", + "id": "pyup.io-59370", + "more_info_path": "/vulnerabilities/PVE-2023-59370/59370", + "specs": [ + "<1.2.11" + ], + "v": "<1.2.11" }, { "advisory": "Copyparty 1.2.8 includes a fix for a theoretical XSS vulnerability.\r\nhttps://github.com/9001/copyparty/commit/73fa70b41f182c7077332a3460364bf625c099d7", 
@@ -18403,6 +18722,46 @@ "<1.2.8" ], "v": "<1.2.8" + }, + { + "advisory": "Copyparty 1.8.2 includes a fix for Race Condition vulnerabilities. According to the explanation of commits, there could be loss of availability via exploiting this vulnerability.\r\nhttps://github.com/9001/copyparty/commit/77f1e5144455eb946db7368792ea11c934f0f6da\r\nhttps://github.com/9001/copyparty/commit/8f59afb1593a75b8ce8c91ceee304097a07aea6e", + "cve": "PVE-2023-59475", + "id": "pyup.io-59475", + "more_info_path": "/vulnerabilities/PVE-2023-59475/59475", + "specs": [ + "<1.8.2" + ], + "v": "<1.8.2" + }, + { + "advisory": "Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the '.cpr' subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit '043e3c7d' which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "cve": "CVE-2023-37474", + "id": "pyup.io-59466", + "more_info_path": "/vulnerabilities/CVE-2023-37474/59466", + "specs": [ + "<1.8.2" + ], + "v": "<1.8.2" + }, + { + "advisory": "Copyparty 1.8.6 includes a fix for a Reflected XSS vulnerability.\r\nhttps://github.com/9001/copyparty/security/advisories/GHSA-cw7j-v52w-fp5r", + "cve": "PVE-2023-59775", + "id": "pyup.io-59775", + "more_info_path": "/vulnerabilities/PVE-2023-59775/59775", + "specs": [ + "<1.8.4" + ], + "v": "<1.8.4" + }, + { + "advisory": "Copyparty 1.8.7 includes a fix for a Reflected cross-site scripting vulnerability in k304 parameter.\r\nhttps://github.com/9001/copyparty/security/advisories/GHSA-f54q-j679-p9hh", + "cve": "PVE-2023-59838", + "id": "pyup.io-59838", + "more_info_path": "/vulnerabilities/PVE-2023-59838/59838", + "specs": [ + "<1.8.7" + ], + "v": "<1.8.7" } ], "cortex": [ 
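Review bot: The added copyparty entry `pyup.io-59775` is internally inconsistent: its advisory text says the reflected XSS fix is in 1.8.6, but `"specs"` and `"v"` are both `"<1.8.4"`, so a consumer that matches installed versions against `specs` would treat 1.8.4 and 1.8.5 as unaffected by this entry. If the advisory text is the accurate side, the range would read `"specs": [ "<1.8.6" ]` and `"v": "<1.8.6"`; confirm against the linked GHSA before changing anything. This file looks like a vendored snapshot of an advisory database, so the correction presumably belongs upstream, with the snapshot refreshed afterwards rather than hand-edited here.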
@@ -18429,18 +18788,6 @@ "v": "<2.1.1" } ], - "couchbase": [ - { - "advisory": "An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certificate based authentication with Username and Password authentication inside the bootstrap configuration.", - "cve": "CVE-2022-32563", - "id": "pyup.io-54094", - "more_info_path": "/vulnerabilities/CVE-2022-32563/54094", - "specs": [ - ">=3.0.0,<3.0.2" - ], - "v": ">=3.0.0,<3.0.2" - } - ], "cova": [ { "advisory": "Cova 0.7.4 updates its dependency 'dask' to v2021.10.0 to include a security fix.", @@ -18522,11 +18869,21 @@ ], "v": "<0.13.0" }, + { + "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'bootstrap' to v4.5.3 to include security fixes.", + "cve": "CVE-2016-10735", + "id": "pyup.io-49068", + "more_info_path": "/vulnerabilities/CVE-2016-10735/49068", + "specs": [ + "<0.13.0" + ], + "v": "<0.13.0" + }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'jquery' to v3.5.1 to include security fixes.", - "cve": "CVE-2015-9251", - "id": "pyup.io-49059", - "more_info_path": "/vulnerabilities/CVE-2015-9251/49059", + "cve": "CVE-2012-6708", + "id": "pyup.io-49057", + "more_info_path": "/vulnerabilities/CVE-2012-6708/49057", "specs": [ "<0.13.0" ], 
@@ -18534,9 +18891,9 @@ }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'jquery' to v3.5.1 to include security fixes.", - "cve": "CVE-2020-7656", - "id": "pyup.io-49062", - "more_info_path": "/vulnerabilities/CVE-2020-7656/49062", + "cve": "CVE-2011-4969", + "id": "pyup.io-39529", + "more_info_path": "/vulnerabilities/CVE-2011-4969/39529", "specs": [ "<0.13.0" ], @@ -18554,19 +18911,19 @@ }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'jquery' to v3.5.1 to include security fixes.", - "cve": "CVE-2012-6708", - "id": "pyup.io-49057", - "more_info_path": "/vulnerabilities/CVE-2012-6708/49057", + "cve": "CVE-2020-7656", + "id": "pyup.io-49062", + "more_info_path": "/vulnerabilities/CVE-2020-7656/49062", "specs": [ "<0.13.0" ], "v": "<0.13.0" }, { - "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'bootstrap' to v4.5.3 to include security fixes.", - "cve": "CVE-2016-10735", - "id": "pyup.io-49068", - "more_info_path": "/vulnerabilities/CVE-2016-10735/49068", + "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'jquery' to v3.5.1 to include security fixes.", + "cve": "CVE-2019-11358", + "id": "pyup.io-49061", + "more_info_path": "/vulnerabilities/CVE-2019-11358/49061", "specs": [ "<0.13.0" ], @@ -18574,9 +18931,9 @@ }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'bootstrap' to v4.5.3 to include security fixes.", - "cve": "CVE-2018-14040", - "id": "pyup.io-49066", - "more_info_path": "/vulnerabilities/CVE-2018-14040/49066", + "cve": "CVE-2018-14042", + "id": "pyup.io-49067", + "more_info_path": "/vulnerabilities/CVE-2018-14042/49067", "specs": [ "<0.13.0" ], 
@@ -18584,9 +18941,9 @@ }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'bootstrap' to v4.5.3 to include security fixes.", - "cve": "CVE-2018-20677", - "id": "pyup.io-49064", - "more_info_path": "/vulnerabilities/CVE-2018-20677/49064", + "cve": "CVE-2018-14040", + "id": "pyup.io-49066", + "more_info_path": "/vulnerabilities/CVE-2018-14040/49066", "specs": [ "<0.13.0" ], @@ -18594,9 +18951,9 @@ }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'jquery' to v3.5.1 to include security fixes.", - "cve": "CVE-2011-4969", - "id": "pyup.io-39529", - "more_info_path": "/vulnerabilities/CVE-2011-4969/39529", + "cve": "CVE-2012-6708", + "id": "pyup.io-49056", + "more_info_path": "/vulnerabilities/CVE-2012-6708/49056", "specs": [ "<0.13.0" ], @@ -18604,9 +18961,9 @@ }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'bootstrap' to v4.5.3 to include security fixes.", - "cve": "CVE-2018-20676", - "id": "pyup.io-49065", - "more_info_path": "/vulnerabilities/CVE-2018-20676/49065", + "cve": "CVE-2019-8331", + "id": "pyup.io-49063", + "more_info_path": "/vulnerabilities/CVE-2019-8331/49063", "specs": [ "<0.13.0" ], @@ -18614,9 +18971,9 @@ }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'bootstrap' to v4.5.3 to include security fixes.", - "cve": "CVE-2018-14042", - "id": "pyup.io-49067", - "more_info_path": "/vulnerabilities/CVE-2018-14042/49067", + "cve": "CVE-2018-20676", + "id": "pyup.io-49065", + "more_info_path": "/vulnerabilities/CVE-2018-20676/49065", "specs": [ "<0.13.0" ], @@ -18624,9 +18981,9 @@ }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'jquery' to v3.5.1 to include security fixes.", - "cve": "CVE-2012-6708", - "id": "pyup.io-49056", - "more_info_path": "/vulnerabilities/CVE-2012-6708/49056", + "cve": "CVE-2015-9251", + "id": "pyup.io-49059", + "more_info_path": "/vulnerabilities/CVE-2015-9251/49059", "specs": [ "<0.13.0" ], 
@@ -18634,19 +18991,9 @@ }, { "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'bootstrap' to v4.5.3 to include security fixes.", - "cve": "CVE-2019-8331", - "id": "pyup.io-49063", - "more_info_path": "/vulnerabilities/CVE-2019-8331/49063", - "specs": [ - "<0.13.0" - ], - "v": "<0.13.0" - }, - { - "advisory": "Crate-docs-theme 0.13.0 updates its NPM dependency 'jquery' to v3.5.1 to include security fixes.", - "cve": "CVE-2019-11358", - "id": "pyup.io-49061", - "more_info_path": "/vulnerabilities/CVE-2019-11358/49061", + "cve": "CVE-2018-20677", + "id": "pyup.io-49064", + "more_info_path": "/vulnerabilities/CVE-2018-20677/49064", "specs": [ "<0.13.0" ], @@ -18773,9 +19120,9 @@ "cryptacular": [ { "advisory": "crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.", - "cve": "PVE-2021-25677", - "id": "pyup.io-25677", - "more_info_path": "/vulnerabilities/PVE-2021-25677/25677", + "cve": "CVE-2011-2483", + "id": "pyup.io-42230", + "more_info_path": "/vulnerabilities/CVE-2011-2483/42230", "specs": [ "<1.2" ], @@ -18783,9 +19130,9 @@ }, { "advisory": "crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.", - "cve": "CVE-2011-2483", - "id": "pyup.io-42230", - "more_info_path": "/vulnerabilities/CVE-2011-2483/42230", + "cve": "PVE-2021-25677", + "id": "pyup.io-25677", + "more_info_path": "/vulnerabilities/PVE-2021-25677/25677", "specs": [ "<1.2" ], 
@@ -18816,6 +19163,28 @@ "v": "<0.1.5" } ], + "cryptoadvance.specter": [ + { + "advisory": "Cryptoadvance.specter 0.5.0 includes a fix for mishandling the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee in BIP-143 in the Bitcoin protocol.\r\nhttps://github.com/cryptoadvance/specter-desktop/pull/178", + "cve": "CVE-2020-14199", + "id": "pyup.io-59423", + "more_info_path": "/vulnerabilities/CVE-2020-14199/59423", + "specs": [ + "<0.5.0" + ], + "v": "<0.5.0" + }, + { + "advisory": "Cryptoadvance.specter 1.7.2 includes a fix for a CSRF vulnerability.\r\nhttps://github.com/cryptoadvance/specter-desktop/pull/1478", + "cve": "PVE-2023-59421", + "id": "pyup.io-59421", + "more_info_path": "/vulnerabilities/PVE-2023-59421/59421", + "specs": [ + "<1.7.2" + ], + "v": "<1.7.2" + } + ], "cryptoasset-data-downloader": [ { "advisory": "The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.", 
@@ -18913,19 +19282,19 @@ }, { "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", - "cve": "CVE-2023-0215", - "id": "pyup.io-53305", - "more_info_path": "/vulnerabilities/CVE-2023-0215/53305", + "cve": "CVE-2023-0217", + "id": "pyup.io-53306", + "more_info_path": "/vulnerabilities/CVE-2023-0217/53306", "specs": [ "<39.0.1" ], "v": "<39.0.1" }, { - "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", - "cve": "CVE-2023-0401", - "id": "pyup.io-53307", - "more_info_path": "/vulnerabilities/CVE-2023-0401/53307", + "advisory": "Cryptography 39.0.1 includes a fix for CVE-2022-3996, a DoS vulnerability affecting openssl.\r\nhttps://github.com/pyca/cryptography/issues/7940", + "cve": "CVE-2022-3996", + "id": "pyup.io-53298", + "more_info_path": "/vulnerabilities/CVE-2022-3996/53298", "specs": [ "<39.0.1" ], 
@@ -18933,19 +19302,19 @@ }, { "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", - "cve": "CVE-2023-0217", - "id": "pyup.io-53306", - "more_info_path": "/vulnerabilities/CVE-2023-0217/53306", + "cve": "CVE-2022-4203", + "id": "pyup.io-53301", + "more_info_path": "/vulnerabilities/CVE-2022-4203/53301", "specs": [ "<39.0.1" ], "v": "<39.0.1" }, { - "advisory": "Cryptography 39.0.1 includes a fix for CVE-2022-3996, a DoS vulnerability affecting openssl.\r\nhttps://github.com/pyca/cryptography/issues/7940", - "cve": "CVE-2022-3996", - "id": "pyup.io-53298", - "more_info_path": "/vulnerabilities/CVE-2022-3996/53298", + "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", + "cve": "CVE-2023-0401", + "id": "pyup.io-53307", + "more_info_path": "/vulnerabilities/CVE-2023-0401/53307", "specs": [ "<39.0.1" ], @@ -18953,9 +19322,9 @@ }, { "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", - "cve": "CVE-2023-0216", - "id": "pyup.io-53302", - "more_info_path": "/vulnerabilities/CVE-2023-0216/53302", + "cve": "CVE-2023-0215", + "id": "pyup.io-53305", + "more_info_path": "/vulnerabilities/CVE-2023-0215/53305", "specs": [ "<39.0.1" ], @@ -18963,9 +19332,9 @@ }, { "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", - "cve": "CVE-2022-4203", - "id": "pyup.io-53301", - "more_info_path": "/vulnerabilities/CVE-2022-4203/53301", + "cve": "CVE-2023-0286", + "id": "pyup.io-53304", + "more_info_path": "/vulnerabilities/CVE-2023-0286/53304", "specs": [ "<39.0.1" ], 
@@ -18983,9 +19352,9 @@ }, { "advisory": "Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes.\r\nhttps://github.com/pyca/cryptography/issues/8229", - "cve": "CVE-2023-0286", - "id": "pyup.io-53304", - "more_info_path": "/vulnerabilities/CVE-2023-0286/53304", + "cve": "CVE-2023-0216", + "id": "pyup.io-53302", + "more_info_path": "/vulnerabilities/CVE-2023-0216/53302", "specs": [ "<39.0.1" ], @@ -19011,6 +19380,16 @@ ], "v": "<41.0.0" }, + { + "advisory": "The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.", + "cve": "CVE-2023-38325", + "id": "pyup.io-59473", + "more_info_path": "/vulnerabilities/CVE-2023-38325/59473", + "specs": [ + "<41.0.2" + ], + "v": "<41.0.2" + }, { "advisory": "Cryptography 3.2 and prior are vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.", "cve": "CVE-2020-25659", @@ -19937,6 +20316,26 @@ ], "v": "<0.14.15" }, + { + "advisory": "Dagster 0.14.8 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/dagster-io/dagster/pull/7192", + "cve": "PVE-2023-59761", + "id": "pyup.io-59761", + "more_info_path": "/vulnerabilities/PVE-2023-59761/59761", + "specs": [ + "<0.14.8" + ], + "v": "<0.14.8" + }, + { + "advisory": "Dagster 0.15.5 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/dagster-io/dagster/pull/8729\r\nhttps://github.com/dagster-io/dagster/pull/8720", + "cve": "PVE-2023-59759", + "id": "pyup.io-59759", + "more_info_path": "/vulnerabilities/PVE-2023-59759/59759", + "specs": [ + "<0.15.5" + ], + "v": "<0.15.5" + }, { "advisory": "Dagster 1.0.17 treats SSH keys as secrets to avoid printing them to the console or logs.\r\nhttps://github.com/dagster-io/dagster/commit/649ea0e7bec95788debb60df7da9bf14b7257ec6", "cve": "PVE-2022-51815", 
@@ -19951,9 +20350,9 @@ "dagster-cloud": [ { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-23219", - "id": "pyup.io-52151", - "more_info_path": "/vulnerabilities/CVE-2022-23219/52151", + "cve": "CVE-2022-37434", + "id": "pyup.io-52156", + "more_info_path": "/vulnerabilities/CVE-2022-37434/52156", "specs": [ "<1.1.4" ], @@ -19961,9 +20360,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2021-33574", - "id": "pyup.io-52153", - "more_info_path": "/vulnerabilities/CVE-2021-33574/52153", + "cve": "CVE-2022-0778", + "id": "pyup.io-52165", + "more_info_path": "/vulnerabilities/CVE-2022-0778/52165", "specs": [ "<1.1.4" ], @@ -19971,9 +20370,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2018-25032", - "id": "pyup.io-52166", - "more_info_path": "/vulnerabilities/CVE-2018-25032/52166", + "cve": "CVE-2021-33574", + "id": "pyup.io-52153", + "more_info_path": "/vulnerabilities/CVE-2021-33574/52153", "specs": [ "<1.1.4" ], @@ -19981,9 +20380,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-43680", - "id": "pyup.io-52161", - "more_info_path": "/vulnerabilities/CVE-2022-43680/52161", + "cve": "CVE-2022-23219", + "id": "pyup.io-52151", + "more_info_path": "/vulnerabilities/CVE-2022-23219/52151", "specs": [ "<1.1.4" ], 
@@ -20001,9 +20400,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-23218", - "id": "pyup.io-52152", - "more_info_path": "/vulnerabilities/CVE-2022-23218/52152", + "cve": "CVE-2022-2509", + "id": "pyup.io-52163", + "more_info_path": "/vulnerabilities/CVE-2022-2509/52163", "specs": [ "<1.1.4" ], @@ -20011,9 +20410,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-2509", - "id": "pyup.io-52163", - "more_info_path": "/vulnerabilities/CVE-2022-2509/52163", + "cve": "CVE-2022-1664", + "id": "pyup.io-52146", + "more_info_path": "/vulnerabilities/CVE-2022-1664/52146", "specs": [ "<1.1.4" ], @@ -20021,9 +20420,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-2068", - "id": "pyup.io-52155", - "more_info_path": "/vulnerabilities/CVE-2022-2068/52155", + "cve": "CVE-2021-46828", + "id": "pyup.io-52164", + "more_info_path": "/vulnerabilities/CVE-2021-46828/52164", "specs": [ "<1.1.4" ], @@ -20031,9 +20430,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2021-43396", - "id": "pyup.io-52162", - "more_info_path": "/vulnerabilities/CVE-2021-43396/52162", + "cve": "CVE-2022-1586", + "id": "pyup.io-52158", + "more_info_path": "/vulnerabilities/CVE-2022-1586/52158", "specs": [ "<1.1.4" ], 
@@ -20041,9 +20440,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-0778", - "id": "pyup.io-52165", - "more_info_path": "/vulnerabilities/CVE-2022-0778/52165", + "cve": "CVE-2021-4209", + "id": "pyup.io-52168", + "more_info_path": "/vulnerabilities/CVE-2021-4209/52168", "specs": [ "<1.1.4" ], @@ -20051,9 +20450,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-37434", - "id": "pyup.io-52156", - "more_info_path": "/vulnerabilities/CVE-2022-37434/52156", + "cve": "CVE-2022-1587", + "id": "pyup.io-52157", + "more_info_path": "/vulnerabilities/CVE-2022-1587/52157", "specs": [ "<1.1.4" ], @@ -20061,9 +20460,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-40674", - "id": "pyup.io-52150", - "more_info_path": "/vulnerabilities/CVE-2022-40674/52150", + "cve": "CVE-2018-25032", + "id": "pyup.io-52166", + "more_info_path": "/vulnerabilities/CVE-2018-25032/52166", "specs": [ "<1.1.4" ], @@ -20071,9 +20470,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-1292", - "id": "pyup.io-52154", - "more_info_path": "/vulnerabilities/CVE-2022-1292/52154", + "cve": "CVE-2021-3997", + "id": "pyup.io-52170", + "more_info_path": "/vulnerabilities/CVE-2021-3997/52170", "specs": [ "<1.1.4" ], 
@@ -20081,9 +20480,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-1664", - "id": "pyup.io-52146", - "more_info_path": "/vulnerabilities/CVE-2022-1664/52146", + "cve": "CVE-2022-1271", + "id": "pyup.io-52159", + "more_info_path": "/vulnerabilities/CVE-2022-1271/52159", "specs": [ "<1.1.4" ], @@ -20091,9 +20490,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2021-3997", - "id": "pyup.io-52170", - "more_info_path": "/vulnerabilities/CVE-2021-3997/52170", + "cve": "CVE-2021-43396", + "id": "pyup.io-52162", + "more_info_path": "/vulnerabilities/CVE-2021-43396/52162", "specs": [ "<1.1.4" ], @@ -20101,9 +20500,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2021-3999", - "id": "pyup.io-52160", - "more_info_path": "/vulnerabilities/CVE-2021-3999/52160", + "cve": "CVE-2022-23218", + "id": "pyup.io-52152", + "more_info_path": "/vulnerabilities/CVE-2022-23218/52152", "specs": [ "<1.1.4" ], @@ -20111,9 +20510,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2021-46828", - "id": "pyup.io-52164", - "more_info_path": "/vulnerabilities/CVE-2021-46828/52164", + "cve": "CVE-2022-2068", + "id": "pyup.io-52155", + "more_info_path": "/vulnerabilities/CVE-2022-2068/52155", "specs": [ "<1.1.4" ], 
@@ -20121,9 +20520,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-1586", - "id": "pyup.io-52158", - "more_info_path": "/vulnerabilities/CVE-2022-1586/52158", + "cve": "CVE-2022-34903", + "id": "pyup.io-52167", + "more_info_path": "/vulnerabilities/CVE-2022-34903/52167", "specs": [ "<1.1.4" ], @@ -20131,9 +20530,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-34903", - "id": "pyup.io-52167", - "more_info_path": "/vulnerabilities/CVE-2022-34903/52167", + "cve": "CVE-2021-3999", + "id": "pyup.io-52160", + "more_info_path": "/vulnerabilities/CVE-2021-3999/52160", "specs": [ "<1.1.4" ], @@ -20141,9 +20540,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-1271", - "id": "pyup.io-52159", - "more_info_path": "/vulnerabilities/CVE-2022-1271/52159", + "cve": "CVE-2022-1292", + "id": "pyup.io-52154", + "more_info_path": "/vulnerabilities/CVE-2022-1292/52154", "specs": [ "<1.1.4" ], @@ -20151,9 +20550,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2021-4209", - "id": "pyup.io-52168", - "more_info_path": "/vulnerabilities/CVE-2021-4209/52168", + "cve": "CVE-2022-43680", + "id": "pyup.io-52161", + "more_info_path": "/vulnerabilities/CVE-2022-43680/52161", "specs": [ "<1.1.4" ], 
@@ -20161,9 +20560,9 @@ }, { "advisory": "Dagster-cloud 1.1.4 updates 'dagster/dagster-cloud-agent' Docker image\u2019s base to 'python:3.8.15-slim' to include security fixes.", - "cve": "CVE-2022-1587", - "id": "pyup.io-52157", - "more_info_path": "/vulnerabilities/CVE-2022-1587/52157", + "cve": "CVE-2022-40674", + "id": "pyup.io-52150", + "more_info_path": "/vulnerabilities/CVE-2022-40674/52150", "specs": [ "<1.1.4" ], @@ -20298,9 +20697,9 @@ }, { "advisory": "Dapla-toolbelt-pseudo 0.2.1 updates its dependency 'cryptography' to v39.0.1 to include security fixes.", - "cve": "CVE-2022-4304", - "id": "pyup.io-53734", - "more_info_path": "/vulnerabilities/CVE-2022-4304/53734", + "cve": "CVE-2023-0286", + "id": "pyup.io-53733", + "more_info_path": "/vulnerabilities/CVE-2023-0286/53733", "specs": [ "<0.2.1" ], @@ -20308,9 +20707,9 @@ }, { "advisory": "Dapla-toolbelt-pseudo 0.2.1 updates its dependency 'cryptography' to v39.0.1 to include security fixes.", - "cve": "CVE-2022-4450", - "id": "pyup.io-53735", - "more_info_path": "/vulnerabilities/CVE-2022-4450/53735", + "cve": "CVE-2022-4304", + "id": "pyup.io-53734", + "more_info_path": "/vulnerabilities/CVE-2022-4304/53734", "specs": [ "<0.2.1" ], @@ -20328,9 +20727,9 @@ }, { "advisory": "Dapla-toolbelt-pseudo 0.2.1 updates its dependency 'cryptography' to v39.0.1 to include security fixes.", - "cve": "CVE-2023-0286", - "id": "pyup.io-53733", - "more_info_path": "/vulnerabilities/CVE-2023-0286/53733", + "cve": "CVE-2022-4450", + "id": "pyup.io-53735", + "more_info_path": "/vulnerabilities/CVE-2022-4450/53735", "specs": [ "<0.2.1" ], 
@@ -20416,16 +20815,6 @@ } ], "dash-extensions": [ - { - "advisory": "Dash-extensions 0.1.1 updates its NPM dependency 'mermaid' to v9.0.1 to include a security fix.", - "cve": "CVE-2021-43861", - "id": "pyup.io-48567", - "more_info_path": "/vulnerabilities/CVE-2021-43861/48567", - "specs": [ - "<0.1.1" - ], - "v": "<0.1.1" - }, { "advisory": "Dash-extensions 0.1.1 updates its NPM dependency 'minimist' to v1.2.6 to include a security fix.", "cve": "CVE-2021-44906", 
@@ -20447,50 +20836,60 @@ "v": "<0.1.1" }, { - "advisory": "Dash-extensions 0.1.8 updates its NPM dependency 'loader-utils' to v3.2.1 to include security fixes.", - "cve": "CVE-2022-37601", - "id": "pyup.io-52351", - "more_info_path": "/vulnerabilities/CVE-2022-37601/52351", + "advisory": "Dash-extensions 0.1.1 updates its NPM dependency 'mermaid' to v9.0.1 to include a security fix.", + "cve": "CVE-2021-43861", + "id": "pyup.io-48567", + "more_info_path": "/vulnerabilities/CVE-2021-43861/48567", + "specs": [ + "<0.1.1" + ], + "v": "<0.1.1" + }, + { + "advisory": "Dash-extensions 0.1.8 updates its dependency 'cryptography' to v 38.0.3 to include security fixes.", + "cve": "CVE-2022-3602", + "id": "pyup.io-52356", + "more_info_path": "/vulnerabilities/CVE-2022-3602/52356", "specs": [ "<0.1.8" ], "v": "<0.1.8" }, { - "advisory": "Dash-extensions 0.1.8 updates its NPM dependency \"mermaid\" requirement to \"^9.2.2\" to include a security fix.", - "cve": "CVE-2022-31108", - "id": "pyup.io-52354", - "more_info_path": "/vulnerabilities/CVE-2022-31108/52354", + "advisory": "Dash-extensions 0.1.8 updates its NPM dependency 'loader-utils' to v3.2.1 to include security fixes.", + "cve": "CVE-2022-37603", + "id": "pyup.io-52353", + "more_info_path": "/vulnerabilities/CVE-2022-37603/52353", "specs": [ "<0.1.8" ], "v": "<0.1.8" }, { - "advisory": "Dash-extensions 0.1.8 updates its NPM dependency 'minimatch' to v3.1.2 to include a security fix.", - "cve": "CVE-2022-3517", - "id": "pyup.io-52303", - "more_info_path": "/vulnerabilities/CVE-2022-3517/52303", + "advisory": "Dash-extensions 0.1.8 updates its NPM dependency 'loader-utils' to v3.2.1 to include security fixes.", + "cve": "CVE-2022-37601", + "id": "pyup.io-52351", + "more_info_path": "/vulnerabilities/CVE-2022-37601/52351", "specs": [ "<0.1.8" ], "v": "<0.1.8" }, { - "advisory": "Dash-extensions 0.1.8 updates its NPM dependency 'loader-utils' to v3.2.1 to include security fixes.", - "cve": "CVE-2022-37603", - "id": 
"pyup.io-52353", - "more_info_path": "/vulnerabilities/CVE-2022-37603/52353", + "advisory": "Dash-extensions 0.1.8 updates its NPM dependency \"mermaid\" requirement to \"^9.2.2\" to include a security fix.", + "cve": "CVE-2022-31108", + "id": "pyup.io-52354", + "more_info_path": "/vulnerabilities/CVE-2022-31108/52354", "specs": [ "<0.1.8" ], "v": "<0.1.8" }, { - "advisory": "Dash-extensions 0.1.8 updates its dependency 'cryptography' to v 38.0.3 to include security fixes.", - "cve": "CVE-2022-3602", - "id": "pyup.io-52356", - "more_info_path": "/vulnerabilities/CVE-2022-3602/52356", + "advisory": "Dash-extensions 0.1.8 updates its NPM dependency 'minimatch' to v3.1.2 to include a security fix.", + "cve": "CVE-2022-3517", + "id": "pyup.io-52303", + "more_info_path": "/vulnerabilities/CVE-2022-3517/52303", "specs": [ "<0.1.8" ], @@ -20757,6 +21156,30 @@ "v": "<0.1.7" } ], + "dataiku-api-client": [ + { + "advisory": "Dataiku-api-client 11.1.0 and before interact with Dataiku DSS 11.2.1 or prior versions, which are vulnerable to CVE-2023-24045.", + "cve": "CVE-2023-24045", + "id": "pyup.io-59543", + "more_info_path": "/vulnerabilities/CVE-2023-24045/59543", + "specs": [ + "<=11.1.0" + ], + "v": "<=11.1.0" + } + ], + "dataiku-scoring": [ + { + "advisory": "Dataiku-scoring 11.1.0 and before interact with Dataiku DSS 11.2.1 or prior versions, which are vulnerable to CVE-2023-24045.", + "cve": "CVE-2023-24045", + "id": "pyup.io-59544", + "more_info_path": "/vulnerabilities/CVE-2023-24045/59544", + "specs": [ + "<=11.1.0" + ], + "v": "<=11.1.0" + } + ], "datajob": [ { "advisory": "Datajob 0.6.0 includes a patch to shell out commands more securely.", 
@@ -20964,20 +21387,20 @@ ], "dateable-chronos": [ { - "advisory": "Dateable.chronos 0.8 includes a fix for a XSS vulnerability in the get_view_day method.\r\nhttps://github.com/collective/dateable.chronos/commit/fd91af02186e61b3e161a2f620da9422eb228c71", - "cve": "PVE-2021-25685", - "id": "pyup.io-25685", - "more_info_path": "/vulnerabilities/PVE-2021-25685/25685", + "advisory": "Dateable-chronos 0.8 includes a fix for a XSS vulnerability in the get_view_day method.\r\nhttps://github.com/collective/dateable.chronos/commit/fd91af02186e61b3e161a2f620da9422eb228c71", + "cve": "PVE-2021-35988", + "id": "pyup.io-35988", + "more_info_path": "/vulnerabilities/PVE-2021-35988/35988", "specs": [ "<0.8" ], "v": "<0.8" }, { - "advisory": "Dateable-chronos 0.8 includes a fix for a XSS vulnerability in the get_view_day method.\r\nhttps://github.com/collective/dateable.chronos/commit/fd91af02186e61b3e161a2f620da9422eb228c71", - "cve": "PVE-2021-35988", - "id": "pyup.io-35988", - "more_info_path": "/vulnerabilities/PVE-2021-35988/35988", + "advisory": "Dateable.chronos 0.8 includes a fix for a XSS vulnerability in the get_view_day method.\r\nhttps://github.com/collective/dateable.chronos/commit/fd91af02186e61b3e161a2f620da9422eb228c71", + "cve": "PVE-2021-25685", + "id": "pyup.io-25685", + "more_info_path": "/vulnerabilities/PVE-2021-25685/25685", "specs": [ "<0.8" ], @@ -21027,16 +21450,6 @@ ], "v": "<1.5.0" }, - { - "advisory": "Datum 1.5.0 updates its dependency 'TensorFlow' to v2.8.1 to include security fixes.", - "cve": "CVE-2022-29200", - "id": "pyup.io-50417", - "more_info_path": "/vulnerabilities/CVE-2022-29200/50417", - "specs": [ - "<1.5.0" - ], - "v": "<1.5.0" - }, { "advisory": "Datum 1.5.0 updates its dependency 'TensorFlow' to v2.8.1 to include security fixes.", "cve": "CVE-2022-29206", 
@@ -21067,6 +21480,16 @@ ], "v": "<1.5.0" }, + { + "advisory": "Datum 1.5.0 updates its dependency 'TensorFlow' to v2.8.1 to include security fixes.", + "cve": "CVE-2022-29200", + "id": "pyup.io-50417", + "more_info_path": "/vulnerabilities/CVE-2022-29200/50417", + "specs": [ + "<1.5.0" + ], + "v": "<1.5.0" + }, { "advisory": "Datum 1.5.0 updates its dependency 'TensorFlow' to v2.8.1 to include security fixes.", "cve": "CVE-2022-27780", @@ -21129,9 +21552,9 @@ }, { "advisory": "Datum 1.5.0 updates its dependency 'TensorFlow' to v2.8.1 to include security fixes.", - "cve": "CVE-2022-23572", - "id": "pyup.io-50378", - "more_info_path": "/vulnerabilities/CVE-2022-23572/50378", + "cve": "CVE-2022-23584", + "id": "pyup.io-50390", + "more_info_path": "/vulnerabilities/CVE-2022-23584/50390", "specs": [ "<1.5.0" ], @@ -21139,9 +21562,9 @@ }, { "advisory": "Datum 1.5.0 updates its dependency 'TensorFlow' to v2.8.1 to include security fixes.", - "cve": "CVE-2022-23584", - "id": "pyup.io-50390", - "more_info_path": "/vulnerabilities/CVE-2022-23584/50390", + "cve": "CVE-2022-23572", + "id": "pyup.io-50378", + "more_info_path": "/vulnerabilities/CVE-2022-23572/50378", "specs": [ "<1.5.0" ], @@ -21199,9 +21622,9 @@ }, { "advisory": "Datum 1.5.0 updates its dependency 'TensorFlow' to v2.8.1 to include security fixes.", - "cve": "CVE-2022-29201", - "id": "pyup.io-50418", - "more_info_path": "/vulnerabilities/CVE-2022-29201/50418", + "cve": "CVE-2022-29204", + "id": "pyup.io-50421", + "more_info_path": "/vulnerabilities/CVE-2022-29204/50421", "specs": [ "<1.5.0" ], @@ -21209,9 +21632,9 @@ }, { "advisory": "Datum 1.5.0 updates its dependency 'TensorFlow' to v2.8.1 to include security fixes.", - "cve": "CVE-2022-29204", - "id": "pyup.io-50421", - "more_info_path": "/vulnerabilities/CVE-2022-29204/50421", + "cve": "CVE-2022-29201", + "id": "pyup.io-50418", + "more_info_path": "/vulnerabilities/CVE-2022-29201/50418", "specs": [ "<1.5.0" ], 
@@ -21727,16 +22150,6 @@ ], "v": "<1.5.0" }, - { - "advisory": "Datum 1.5.0 updates its dependency 'TensorFlow' to v2.8.1 to include security fixes.", - "cve": "CVE-2022-29202", - "id": "pyup.io-50419", - "more_info_path": "/vulnerabilities/CVE-2022-29202/50419", - "specs": [ - "<1.5.0" - ], - "v": "<1.5.0" - }, { "advisory": "Datum 1.5.0 updates its dependency 'TensorFlow' to v2.8.1 to include security fixes.", "cve": "CVE-2022-29203", @@ -21789,9 +22202,9 @@ }, { "advisory": "Datum 1.5.0 updates its dependency 'TensorFlow' to v2.8.1 to include security fixes.", - "cve": "CVE-2022-23563", - "id": "pyup.io-50369", - "more_info_path": "/vulnerabilities/CVE-2022-23563/50369", + "cve": "CVE-2022-29208", + "id": "pyup.io-50425", + "more_info_path": "/vulnerabilities/CVE-2022-29208/50425", "specs": [ "<1.5.0" ], @@ -21799,9 +22212,9 @@ }, { "advisory": "Datum 1.5.0 updates its dependency 'TensorFlow' to v2.8.1 to include security fixes.", - "cve": "CVE-2022-29208", - "id": "pyup.io-50425", - "more_info_path": "/vulnerabilities/CVE-2022-29208/50425", + "cve": "CVE-2022-23563", + "id": "pyup.io-50369", + "more_info_path": "/vulnerabilities/CVE-2022-23563/50369", "specs": [ "<1.5.0" ], @@ -21886,6 +22299,16 @@ "<1.5.0" ], "v": "<1.5.0" + }, + { + "advisory": "Datum 1.5.0 updates its dependency 'TensorFlow' to v2.8.1 to include security fixes.", + "cve": "CVE-2022-29202", + "id": "pyup.io-50419", + "more_info_path": "/vulnerabilities/CVE-2022-29202/50419", + "specs": [ + "<1.5.0" + ], + "v": "<1.5.0" } ], "datumaro": [ 
@@ -22110,6 +22533,26 @@ "<0.11.0" ], "v": "<0.11.0" + }, + { + "advisory": "Ddtrace 0.39 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/DataDog/dd-trace-py/pull/1435", + "cve": "PVE-2023-59562", + "id": "pyup.io-59562", + "more_info_path": "/vulnerabilities/PVE-2023-59562/59562", + "specs": [ + "<0.39" + ], + "v": "<0.39" + }, + { + "advisory": "Ddtrace 0.41 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/DataDog/dd-trace-py/pull/1569", + "cve": "PVE-2023-59561", + "id": "pyup.io-59561", + "more_info_path": "/vulnerabilities/PVE-2023-59561/59561", + "specs": [ + "<0.41" + ], + "v": "<0.41" } ], "debianized-jupyterhub": [ @@ -22197,6 +22640,16 @@ } ], "decancer-py": [ + { + "advisory": "Decancer-py 0.2.2 updates its dependency 'decancer' to version '1.6.4' to include fixes for two DoS vulnerabilities.\r\nhttps://github.com/Jonxslays/decancer_py/pull/4", + "cve": "PVE-2023-59516", + "id": "pyup.io-59516", + "more_info_path": "/vulnerabilities/PVE-2023-59516/59516", + "specs": [ + "<0.2.2" + ], + "v": "<0.2.2" + }, { "advisory": "Decancer-py 0.2.1 (python bindings) updates to Decancer 1.5.2, that includes a fix for a potential Denial of Service vulnerability.\r\nhttps://github.com/null8626/decancer/commit/4e5c4dea99eb99a048e45912dc1e144d9c015d1b", "cve": "PVE-2022-52559", @@ -22265,16 +22718,6 @@ } ], "deepcell": [ - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29575", - "id": "pyup.io-48799", - "more_info_path": "/vulnerabilities/CVE-2021-29575/48799", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-29595", 
@@ -22315,16 +22758,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29572", - "id": "pyup.io-48796", - "more_info_path": "/vulnerabilities/CVE-2021-29572/48796", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-29586", @@ -22335,16 +22768,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-37655", - "id": "pyup.io-48863", - "more_info_path": "/vulnerabilities/CVE-2021-37655/48863", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-29541", @@ -22395,16 +22818,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29612", - "id": "pyup.io-48836", - "more_info_path": "/vulnerabilities/CVE-2021-29612/48836", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-37653", @@ -22415,16 +22828,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-37676", - "id": "pyup.io-48884", - "more_info_path": "/vulnerabilities/CVE-2021-37676/48884", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-37648", 
@@ -22455,16 +22858,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29609", - "id": "pyup.io-48833", - "more_info_path": "/vulnerabilities/CVE-2021-29609/48833", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-29613", @@ -22495,16 +22888,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29528", - "id": "pyup.io-48752", - "more_info_path": "/vulnerabilities/CVE-2021-29528/48752", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-29561", @@ -22515,16 +22898,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2020-8285", - "id": "pyup.io-48730", - "more_info_path": "/vulnerabilities/CVE-2020-8285/48730", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-29608", 
@@ -22535,36 +22908,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29600", - "id": "pyup.io-48824", - "more_info_path": "/vulnerabilities/CVE-2021-29600/48824", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29585", - "id": "pyup.io-48809", - "more_info_path": "/vulnerabilities/CVE-2021-29585/48809", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29512", - "id": "pyup.io-48736", - "more_info_path": "/vulnerabilities/CVE-2021-29512/48736", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-29521", @@ -22575,16 +22918,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29619", - "id": "pyup.io-48843", - "more_info_path": "/vulnerabilities/CVE-2021-29619/48843", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-29578", @@ -22807,9 +23140,9 @@ }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29564", - "id": "pyup.io-48788", - "more_info_path": "/vulnerabilities/CVE-2021-29564/48788", + "cve": "CVE-2021-29569", + "id": "pyup.io-48793", + "more_info_path": "/vulnerabilities/CVE-2021-29569/48793", "specs": [ "<0.10.0rc1" ], 
@@ -22817,9 +23150,9 @@ }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29569", - "id": "pyup.io-48793", - "more_info_path": "/vulnerabilities/CVE-2021-29569/48793", + "cve": "CVE-2021-29564", + "id": "pyup.io-48788", + "more_info_path": "/vulnerabilities/CVE-2021-29564/48788", "specs": [ "<0.10.0rc1" ], @@ -22955,36 +23288,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29542", - "id": "pyup.io-48766", - "more_info_path": "/vulnerabilities/CVE-2021-29542/48766", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29544", - "id": "pyup.io-48768", - "more_info_path": "/vulnerabilities/CVE-2021-29544/48768", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29552", - "id": "pyup.io-48776", - "more_info_path": "/vulnerabilities/CVE-2021-29552/48776", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-29581", @@ -22995,16 +23298,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29570", - "id": "pyup.io-48794", - "more_info_path": "/vulnerabilities/CVE-2021-29570/48794", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-29562", 
@@ -23025,26 +23318,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29565", - "id": "pyup.io-48789", - "more_info_path": "/vulnerabilities/CVE-2021-29565/48789", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29573", - "id": "pyup.io-48797", - "more_info_path": "/vulnerabilities/CVE-2021-29573/48797", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-29577", @@ -23125,16 +23398,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29601", - "id": "pyup.io-48825", - "more_info_path": "/vulnerabilities/CVE-2021-29601/48825", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-29602", @@ -23205,26 +23468,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-37646", - "id": "pyup.io-48854", - "more_info_path": "/vulnerabilities/CVE-2021-37646/48854", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-37647", - "id": "pyup.io-48855", - "more_info_path": "/vulnerabilities/CVE-2021-37647/48855", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-37649", 
@@ -23235,36 +23478,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-37654", - "id": "pyup.io-48862", - "more_info_path": "/vulnerabilities/CVE-2021-37654/48862", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-37656", - "id": "pyup.io-48864", - "more_info_path": "/vulnerabilities/CVE-2021-37656/48864", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-37668", - "id": "pyup.io-48876", - "more_info_path": "/vulnerabilities/CVE-2021-37668/48876", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-37664", @@ -23285,26 +23498,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-37671", - "id": "pyup.io-48879", - "more_info_path": "/vulnerabilities/CVE-2021-37671/48879", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-37689", - "id": "pyup.io-48897", - "more_info_path": "/vulnerabilities/CVE-2021-37689/48897", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-22876", 
@@ -23325,16 +23518,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29536", - "id": "pyup.io-48760", - "more_info_path": "/vulnerabilities/CVE-2021-29536/48760", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-29540", @@ -23475,16 +23658,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-37660", - "id": "pyup.io-48868", - "more_info_path": "/vulnerabilities/CVE-2021-37660/48868", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-37659", @@ -23505,16 +23678,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-37687", - "id": "pyup.io-48895", - "more_info_path": "/vulnerabilities/CVE-2021-37687/48895", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-29559", 
@@ -23645,26 +23808,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29554", - "id": "pyup.io-48778", - "more_info_path": "/vulnerabilities/CVE-2021-29554/48778", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29518", - "id": "pyup.io-48742", - "more_info_path": "/vulnerabilities/CVE-2021-29518/48742", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-29539", @@ -23705,16 +23848,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-29591", - "id": "pyup.io-48815", - "more_info_path": "/vulnerabilities/CVE-2021-29591/48815", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-37688", @@ -23765,16 +23898,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-37665", - "id": "pyup.io-48873", - "more_info_path": "/vulnerabilities/CVE-2021-37665/48873", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-37670", 
@@ -23895,36 +24018,6 @@ ], "v": "<0.10.0rc1" }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2021-37667", - "id": "pyup.io-48875", - "more_info_path": "/vulnerabilities/CVE-2021-37667/48875", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2020-8169", - "id": "pyup.io-48723", - "more_info_path": "/vulnerabilities/CVE-2020-8169/48723", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, - { - "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", - "cve": "CVE-2020-8231", - "id": "pyup.io-48728", - "more_info_path": "/vulnerabilities/CVE-2020-8231/48728", - "specs": [ - "<0.10.0rc1" - ], - "v": "<0.10.0rc1" - }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2020-8286", 
@@ -23995,6 +24088,366 @@ ], "v": "<0.10.0rc1" }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-29575", + "id": "pyup.io-48799", + "more_info_path": "/vulnerabilities/CVE-2021-29575/48799", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-37655", + "id": "pyup.io-48863", + "more_info_path": "/vulnerabilities/CVE-2021-37655/48863", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-29572", + "id": "pyup.io-48796", + "more_info_path": "/vulnerabilities/CVE-2021-29572/48796", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-29612", + "id": "pyup.io-48836", + "more_info_path": "/vulnerabilities/CVE-2021-29612/48836", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-37676", + "id": "pyup.io-48884", + "more_info_path": "/vulnerabilities/CVE-2021-37676/48884", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-29600", + "id": "pyup.io-48824", + "more_info_path": "/vulnerabilities/CVE-2021-29600/48824", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-29609", + "id": "pyup.io-48833", + "more_info_path": "/vulnerabilities/CVE-2021-29609/48833", + "specs": [ + 
"<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-29528", + "id": "pyup.io-48752", + "more_info_path": "/vulnerabilities/CVE-2021-29528/48752", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2020-8285", + "id": "pyup.io-48730", + "more_info_path": "/vulnerabilities/CVE-2020-8285/48730", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-29585", + "id": "pyup.io-48809", + "more_info_path": "/vulnerabilities/CVE-2021-29585/48809", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-29512", + "id": "pyup.io-48736", + "more_info_path": "/vulnerabilities/CVE-2021-29512/48736", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-29619", + "id": "pyup.io-48843", + "more_info_path": "/vulnerabilities/CVE-2021-29619/48843", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-29542", + "id": "pyup.io-48766", + "more_info_path": "/vulnerabilities/CVE-2021-29542/48766", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-29544", + "id": "pyup.io-48768", + "more_info_path": "/vulnerabilities/CVE-2021-29544/48768", + "specs": [ + "<0.10.0rc1" 
+ ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-29552", + "id": "pyup.io-48776", + "more_info_path": "/vulnerabilities/CVE-2021-29552/48776", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-29570", + "id": "pyup.io-48794", + "more_info_path": "/vulnerabilities/CVE-2021-29570/48794", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-29565", + "id": "pyup.io-48789", + "more_info_path": "/vulnerabilities/CVE-2021-29565/48789", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-37646", + "id": "pyup.io-48854", + "more_info_path": "/vulnerabilities/CVE-2021-37646/48854", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-37647", + "id": "pyup.io-48855", + "more_info_path": "/vulnerabilities/CVE-2021-37647/48855", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-29573", + "id": "pyup.io-48797", + "more_info_path": "/vulnerabilities/CVE-2021-29573/48797", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-29601", + "id": "pyup.io-48825", + "more_info_path": "/vulnerabilities/CVE-2021-29601/48825", + "specs": [ + "<0.10.0rc1" + ], + "v": 
"<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-37654", + "id": "pyup.io-48862", + "more_info_path": "/vulnerabilities/CVE-2021-37654/48862", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-37656", + "id": "pyup.io-48864", + "more_info_path": "/vulnerabilities/CVE-2021-37656/48864", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-37668", + "id": "pyup.io-48876", + "more_info_path": "/vulnerabilities/CVE-2021-37668/48876", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-37671", + "id": "pyup.io-48879", + "more_info_path": "/vulnerabilities/CVE-2021-37671/48879", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-37689", + "id": "pyup.io-48897", + "more_info_path": "/vulnerabilities/CVE-2021-37689/48897", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-29536", + "id": "pyup.io-48760", + "more_info_path": "/vulnerabilities/CVE-2021-29536/48760", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-37660", + "id": "pyup.io-48868", + "more_info_path": "/vulnerabilities/CVE-2021-37660/48868", + "specs": [ + "<0.10.0rc1" + ], + "v": 
"<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-37687", + "id": "pyup.io-48895", + "more_info_path": "/vulnerabilities/CVE-2021-37687/48895", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-29554", + "id": "pyup.io-48778", + "more_info_path": "/vulnerabilities/CVE-2021-29554/48778", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-29518", + "id": "pyup.io-48742", + "more_info_path": "/vulnerabilities/CVE-2021-29518/48742", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-29591", + "id": "pyup.io-48815", + "more_info_path": "/vulnerabilities/CVE-2021-29591/48815", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-37665", + "id": "pyup.io-48873", + "more_info_path": "/vulnerabilities/CVE-2021-37665/48873", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2021-37667", + "id": "pyup.io-48875", + "more_info_path": "/vulnerabilities/CVE-2021-37667/48875", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2020-8169", + "id": "pyup.io-48723", + "more_info_path": "/vulnerabilities/CVE-2020-8169/48723", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" 
+ }, + { + "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", + "cve": "CVE-2020-8231", + "id": "pyup.io-48728", + "more_info_path": "/vulnerabilities/CVE-2020-8231/48728", + "specs": [ + "<0.10.0rc1" + ], + "v": "<0.10.0rc1" + }, { "advisory": "Deepcell 0.10.0rc1 updates its dependency 'TensorFlow' to v2.5.1 to include security fixes.", "cve": "CVE-2021-37677", @@ -24025,26 +24478,6 @@ ], "v": "<0.12.0rc0" }, - { - "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23566", - "id": "pyup.io-48965", - "more_info_path": "/vulnerabilities/CVE-2022-23566/48965", - "specs": [ - "<0.12.0rc0" - ], - "v": "<0.12.0rc0" - }, - { - "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23595", - "id": "pyup.io-48990", - "more_info_path": "/vulnerabilities/CVE-2022-23595/48990", - "specs": [ - "<0.12.0rc0" - ], - "v": "<0.12.0rc0" - }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", "cve": "CVE-2022-21731", @@ -24065,16 +24498,6 @@ ], "v": "<0.12.0rc0" }, - { - "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23578", - "id": "pyup.io-48977", - "more_info_path": "/vulnerabilities/CVE-2022-23578/48977", - "specs": [ - "<0.12.0rc0" - ], - "v": "<0.12.0rc0" - }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", "cve": "CVE-2021-41212", 
@@ -24115,16 +24538,6 @@ ], "v": "<0.12.0rc0" }, - { - "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23589", - "id": "pyup.io-48988", - "more_info_path": "/vulnerabilities/CVE-2022-23589/48988", - "specs": [ - "<0.12.0rc0" - ], - "v": "<0.12.0rc0" - }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", "cve": "CVE-2022-23583", @@ -24137,9 +24550,9 @@ }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2021-41206", - "id": "pyup.io-48917", - "more_info_path": "/vulnerabilities/CVE-2021-41206/48917", + "cve": "CVE-2022-23589", + "id": "pyup.io-48988", + "more_info_path": "/vulnerabilities/CVE-2022-23589/48988", "specs": [ "<0.12.0rc0" ], @@ -24147,9 +24560,9 @@ }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2021-22924", - "id": "pyup.io-48903", - "more_info_path": "/vulnerabilities/CVE-2021-22924/48903", + "cve": "CVE-2021-41206", + "id": "pyup.io-48917", + "more_info_path": "/vulnerabilities/CVE-2021-41206/48917", "specs": [ "<0.12.0rc0" ], @@ -24205,16 +24618,6 @@ ], "v": "<0.12.0rc0" }, - { - "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2021-41203", - "id": "pyup.io-48914", - "more_info_path": "/vulnerabilities/CVE-2021-41203/48914", - "specs": [ - "<0.12.0rc0" - ], - "v": "<0.12.0rc0" - }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", "cve": "CVE-2021-41208", 
@@ -24235,16 +24638,6 @@ ], "v": "<0.12.0rc0" }, - { - "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2021-22922", - "id": "pyup.io-48901", - "more_info_path": "/vulnerabilities/CVE-2021-22922/48901", - "specs": [ - "<0.12.0rc0" - ], - "v": "<0.12.0rc0" - }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", "cve": "CVE-2021-22925", @@ -24305,16 +24698,6 @@ ], "v": "<0.12.0rc0" }, - { - "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2021-41200", - "id": "pyup.io-48911", - "more_info_path": "/vulnerabilities/CVE-2021-41200/48911", - "specs": [ - "<0.12.0rc0" - ], - "v": "<0.12.0rc0" - }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", "cve": "CVE-2021-41218", @@ -24345,16 +24728,6 @@ ], "v": "<0.12.0rc0" }, - { - "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21735", - "id": "pyup.io-48949", - "more_info_path": "/vulnerabilities/CVE-2022-21735/48949", - "specs": [ - "<0.12.0rc0" - ], - "v": "<0.12.0rc0" - }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", "cve": "CVE-2022-23569", @@ -24465,16 +24838,6 @@ ], "v": "<0.12.0rc0" }, - { - "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21736", - "id": "pyup.io-48950", - "more_info_path": "/vulnerabilities/CVE-2022-21736/48950", - "specs": [ - "<0.12.0rc0" - ], - "v": "<0.12.0rc0" - }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", "cve": "CVE-2022-21734", 
@@ -24505,16 +24868,6 @@ ], "v": "<0.12.0rc0" }, - { - "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23577", - "id": "pyup.io-48976", - "more_info_path": "/vulnerabilities/CVE-2022-23577/48976", - "specs": [ - "<0.12.0rc0" - ], - "v": "<0.12.0rc0" - }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", "cve": "CVE-2022-21729", @@ -24535,16 +24888,6 @@ ], "v": "<0.12.0rc0" }, - { - "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21741", - "id": "pyup.io-48955", - "more_info_path": "/vulnerabilities/CVE-2022-21741/48955", - "specs": [ - "<0.12.0rc0" - ], - "v": "<0.12.0rc0" - }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", "cve": "CVE-2022-21738", @@ -24565,26 +24908,6 @@ ], "v": "<0.12.0rc0" }, - { - "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2021-41195", - "id": "pyup.io-48906", - "more_info_path": "/vulnerabilities/CVE-2021-41195/48906", - "specs": [ - "<0.12.0rc0" - ], - "v": "<0.12.0rc0" - }, - { - "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21726", - "id": "pyup.io-48940", - "more_info_path": "/vulnerabilities/CVE-2022-21726/48940", - "specs": [ - "<0.12.0rc0" - ], - "v": "<0.12.0rc0" - }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", "cve": "CVE-2022-23588", 
@@ -24605,16 +24928,6 @@ ], "v": "<0.12.0rc0" }, - { - "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2021-41224", - "id": "pyup.io-48934", - "more_info_path": "/vulnerabilities/CVE-2021-41224/48934", - "specs": [ - "<0.12.0rc0" - ], - "v": "<0.12.0rc0" - }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", "cve": "CVE-2021-41215", @@ -24757,9 +25070,9 @@ }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2021-41207", - "id": "pyup.io-48918", - "more_info_path": "/vulnerabilities/CVE-2021-41207/48918", + "cve": "CVE-2022-23573", + "id": "pyup.io-48972", + "more_info_path": "/vulnerabilities/CVE-2022-23573/48972", "specs": [ "<0.12.0rc0" ], @@ -24767,9 +25080,9 @@ }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2021-41210", - "id": "pyup.io-48921", - "more_info_path": "/vulnerabilities/CVE-2021-41210/48921", + "cve": "CVE-2022-23579", + "id": "pyup.io-48978", + "more_info_path": "/vulnerabilities/CVE-2022-23579/48978", "specs": [ "<0.12.0rc0" ], @@ -24777,9 +25090,9 @@ }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21740", - "id": "pyup.io-48954", - "more_info_path": "/vulnerabilities/CVE-2022-21740/48954", + "cve": "CVE-2020-10531", + "id": "pyup.io-48900", + "more_info_path": "/vulnerabilities/CVE-2020-10531/48900", "specs": [ "<0.12.0rc0" ], 
@@ -24787,9 +25100,9 @@ }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23562", - "id": "pyup.io-48961", - "more_info_path": "/vulnerabilities/CVE-2022-23562/48961", + "cve": "CVE-2021-22923", + "id": "pyup.io-48902", + "more_info_path": "/vulnerabilities/CVE-2021-22923/48902", "specs": [ "<0.12.0rc0" ], @@ -24797,9 +25110,9 @@ }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2021-41198", - "id": "pyup.io-48909", - "more_info_path": "/vulnerabilities/CVE-2021-41198/48909", + "cve": "CVE-2022-23584", + "id": "pyup.io-48983", + "more_info_path": "/vulnerabilities/CVE-2022-23584/48983", "specs": [ "<0.12.0rc0" ], @@ -24807,9 +25120,9 @@ }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23570", - "id": "pyup.io-48969", - "more_info_path": "/vulnerabilities/CVE-2022-23570/48969", + "cve": "CVE-2022-23572", + "id": "pyup.io-48971", + "more_info_path": "/vulnerabilities/CVE-2022-23572/48971", "specs": [ "<0.12.0rc0" ], @@ -24817,9 +25130,9 @@ }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23573", - "id": "pyup.io-48972", - "more_info_path": "/vulnerabilities/CVE-2022-23573/48972", + "cve": "CVE-2022-21730", + "id": "pyup.io-48944", + "more_info_path": "/vulnerabilities/CVE-2022-21730/48944", "specs": [ "<0.12.0rc0" ], @@ -24827,9 +25140,9 @@ }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23579", - "id": "pyup.io-48978", - "more_info_path": "/vulnerabilities/CVE-2022-23579/48978", + "cve": "CVE-2022-23576", + "id": "pyup.io-48975", + "more_info_path": "/vulnerabilities/CVE-2022-23576/48975", "specs": [ "<0.12.0rc0" ], 
@@ -24837,9 +25150,9 @@ }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2020-10531", - "id": "pyup.io-48900", - "more_info_path": "/vulnerabilities/CVE-2020-10531/48900", + "cve": "CVE-2022-23571", + "id": "pyup.io-48970", + "more_info_path": "/vulnerabilities/CVE-2022-23571/48970", "specs": [ "<0.12.0rc0" ], @@ -24847,9 +25160,9 @@ }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2021-22923", - "id": "pyup.io-48902", - "more_info_path": "/vulnerabilities/CVE-2021-22923/48902", + "cve": "CVE-2022-23566", + "id": "pyup.io-48965", + "more_info_path": "/vulnerabilities/CVE-2022-23566/48965", "specs": [ "<0.12.0rc0" ], @@ -24857,9 +25170,9 @@ }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2021-22926", - "id": "pyup.io-48905", - "more_info_path": "/vulnerabilities/CVE-2021-22926/48905", + "cve": "CVE-2022-23595", + "id": "pyup.io-48990", + "more_info_path": "/vulnerabilities/CVE-2022-23595/48990", "specs": [ "<0.12.0rc0" ], @@ -24867,9 +25180,9 @@ }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23584", - "id": "pyup.io-48983", - "more_info_path": "/vulnerabilities/CVE-2022-23584/48983", + "cve": "CVE-2022-23578", + "id": "pyup.io-48977", + "more_info_path": "/vulnerabilities/CVE-2022-23578/48977", "specs": [ "<0.12.0rc0" ], @@ -24877,9 +25190,9 @@ }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-21730", - "id": "pyup.io-48944", - "more_info_path": "/vulnerabilities/CVE-2022-21730/48944", + "cve": "CVE-2021-22924", + "id": "pyup.io-48903", + "more_info_path": "/vulnerabilities/CVE-2021-22924/48903", "specs": [ "<0.12.0rc0" ], 
@@ -24887,9 +25200,9 @@ }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23572", - "id": "pyup.io-48971", - "more_info_path": "/vulnerabilities/CVE-2022-23572/48971", + "cve": "CVE-2021-41203", + "id": "pyup.io-48914", + "more_info_path": "/vulnerabilities/CVE-2021-41203/48914", "specs": [ "<0.12.0rc0" ], @@ -24897,9 +25210,9 @@ }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23576", - "id": "pyup.io-48975", - "more_info_path": "/vulnerabilities/CVE-2022-23576/48975", + "cve": "CVE-2021-22922", + "id": "pyup.io-48901", + "more_info_path": "/vulnerabilities/CVE-2021-22922/48901", "specs": [ "<0.12.0rc0" ], 
@@ -24907,9 +25220,149 @@ }, { "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23571", - "id": "pyup.io-48970", - "more_info_path": "/vulnerabilities/CVE-2022-23571/48970", + "cve": "CVE-2021-41200", + "id": "pyup.io-48911", + "more_info_path": "/vulnerabilities/CVE-2021-41200/48911", + "specs": [ + "<0.12.0rc0" + ], + "v": "<0.12.0rc0" + }, + { + "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", + "cve": "CVE-2022-21735", + "id": "pyup.io-48949", + "more_info_path": "/vulnerabilities/CVE-2022-21735/48949", + "specs": [ + "<0.12.0rc0" + ], + "v": "<0.12.0rc0" + }, + { + "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", + "cve": "CVE-2022-21736", + "id": "pyup.io-48950", + "more_info_path": "/vulnerabilities/CVE-2022-21736/48950", + "specs": [ + "<0.12.0rc0" + ], + "v": "<0.12.0rc0" + }, + { + "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", + "cve": "CVE-2022-23577", + "id": "pyup.io-48976", + "more_info_path": "/vulnerabilities/CVE-2022-23577/48976", + "specs": [ + "<0.12.0rc0" + ], + "v": "<0.12.0rc0" + }, + { + "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", + "cve": "CVE-2022-21741", + "id": "pyup.io-48955", + "more_info_path": "/vulnerabilities/CVE-2022-21741/48955", + "specs": [ + "<0.12.0rc0" + ], + "v": "<0.12.0rc0" + }, + { + "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", + "cve": "CVE-2021-41195", + "id": "pyup.io-48906", + "more_info_path": "/vulnerabilities/CVE-2021-41195/48906", + "specs": [ + "<0.12.0rc0" + ], + "v": "<0.12.0rc0" + }, + { + "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", + "cve": "CVE-2022-21726", + "id": 
"pyup.io-48940", + "more_info_path": "/vulnerabilities/CVE-2022-21726/48940", + "specs": [ + "<0.12.0rc0" + ], + "v": "<0.12.0rc0" + }, + { + "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", + "cve": "CVE-2021-41224", + "id": "pyup.io-48934", + "more_info_path": "/vulnerabilities/CVE-2021-41224/48934", + "specs": [ + "<0.12.0rc0" + ], + "v": "<0.12.0rc0" + }, + { + "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", + "cve": "CVE-2021-41207", + "id": "pyup.io-48918", + "more_info_path": "/vulnerabilities/CVE-2021-41207/48918", + "specs": [ + "<0.12.0rc0" + ], + "v": "<0.12.0rc0" + }, + { + "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", + "cve": "CVE-2021-41210", + "id": "pyup.io-48921", + "more_info_path": "/vulnerabilities/CVE-2021-41210/48921", + "specs": [ + "<0.12.0rc0" + ], + "v": "<0.12.0rc0" + }, + { + "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", + "cve": "CVE-2022-21740", + "id": "pyup.io-48954", + "more_info_path": "/vulnerabilities/CVE-2022-21740/48954", + "specs": [ + "<0.12.0rc0" + ], + "v": "<0.12.0rc0" + }, + { + "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", + "cve": "CVE-2022-23562", + "id": "pyup.io-48961", + "more_info_path": "/vulnerabilities/CVE-2022-23562/48961", + "specs": [ + "<0.12.0rc0" + ], + "v": "<0.12.0rc0" + }, + { + "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", + "cve": "CVE-2021-41198", + "id": "pyup.io-48909", + "more_info_path": "/vulnerabilities/CVE-2021-41198/48909", + "specs": [ + "<0.12.0rc0" + ], + "v": "<0.12.0rc0" + }, + { + "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", + "cve": "CVE-2022-23570", + "id": 
"pyup.io-48969", + "more_info_path": "/vulnerabilities/CVE-2022-23570/48969", + "specs": [ + "<0.12.0rc0" + ], + "v": "<0.12.0rc0" + }, + { + "advisory": "Deepcell 0.12.0rc0 updates its dependency 'TensorFlow' to v2.8.0 to include security fixes.", + "cve": "CVE-2021-22926", + "id": "pyup.io-48905", + "more_info_path": "/vulnerabilities/CVE-2021-22926/48905", "specs": [ "<0.12.0rc0" ], @@ -25015,16 +25468,6 @@ ], "v": "<0.8" }, - { - "advisory": "Deepcell 0.8 updates its dependency 'TensorFlow' to v2.3.1 to include security fixes.", - "cve": "CVE-2020-5215", - "id": "pyup.io-48710", - "more_info_path": "/vulnerabilities/CVE-2020-5215/48710", - "specs": [ - "<0.8" - ], - "v": "<0.8" - }, { "advisory": "Deepcell 0.8 updates its dependency 'TensorFlow' to v2.3.1 to include security fixes.", "cve": "CVE-2020-13790", @@ -25155,16 +25598,6 @@ ], "v": "<0.8" }, - { - "advisory": "Deepcell 0.8 updates its dependency 'TensorFlow' to v2.3.1 to include security fixes.", - "cve": "CVE-2019-5482", - "id": "pyup.io-48681", - "more_info_path": "/vulnerabilities/CVE-2019-5482/48681", - "specs": [ - "<0.8" - ], - "v": "<0.8" - }, { "advisory": "Deepcell 0.8 updates its dependency 'TensorFlow' to v2.3.1 to include security fixes.", "cve": "CVE-2020-11655", @@ -25245,16 +25678,6 @@ ], "v": "<0.8" }, - { - "advisory": "Deepcell 0.8 updates its dependency 'TensorFlow' to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15207", - "id": "pyup.io-48699", - "more_info_path": "/vulnerabilities/CVE-2020-15207/48699", - "specs": [ - "<0.8" - ], - "v": "<0.8" - }, { "advisory": "Deepcell 0.8 updates its dependency 'TensorFlow' to v2.3.1 to include security fixes.", "cve": "CVE-2020-15210", 
@@ -25307,9 +25730,9 @@ }, { "advisory": "Deepcell 0.8 updates its dependency 'TensorFlow' to v2.3.1 to include security fixes.", - "cve": "CVE-2020-15204", - "id": "pyup.io-48696", - "more_info_path": "/vulnerabilities/CVE-2020-15204/48696", + "cve": "CVE-2019-19880", + "id": "pyup.io-48678", + "more_info_path": "/vulnerabilities/CVE-2019-19880/48678", "specs": [ "<0.8" ], @@ -25317,9 +25740,9 @@ }, { "advisory": "Deepcell 0.8 updates its dependency 'TensorFlow' to v2.3.1 to include security fixes.", - "cve": "CVE-2019-19646", - "id": "pyup.io-48677", - "more_info_path": "/vulnerabilities/CVE-2019-19646/48677", + "cve": "CVE-2019-20838", + "id": "pyup.io-48679", + "more_info_path": "/vulnerabilities/CVE-2019-20838/48679", "specs": [ "<0.8" ], @@ -25327,9 +25750,9 @@ }, { "advisory": "Deepcell 0.8 updates its dependency 'TensorFlow' to v2.3.1 to include security fixes.", - "cve": "CVE-2019-19880", - "id": "pyup.io-48678", - "more_info_path": "/vulnerabilities/CVE-2019-19880/48678", + "cve": "CVE-2020-13631", + "id": "pyup.io-48687", + "more_info_path": "/vulnerabilities/CVE-2020-13631/48687", "specs": [ "<0.8" ], @@ -25337,9 +25760,9 @@ }, { "advisory": "Deepcell 0.8 updates its dependency 'TensorFlow' to v2.3.1 to include security fixes.", - "cve": "CVE-2019-20838", - "id": "pyup.io-48679", - "more_info_path": "/vulnerabilities/CVE-2019-20838/48679", + "cve": "CVE-2020-9327", + "id": "pyup.io-48711", + "more_info_path": "/vulnerabilities/CVE-2020-9327/48711", "specs": [ "<0.8" ], @@ -25347,9 +25770,9 @@ }, { "advisory": "Deepcell 0.8 updates its dependency 'TensorFlow' to v2.3.1 to include security fixes.", - "cve": "CVE-2020-13631", - "id": "pyup.io-48687", - "more_info_path": "/vulnerabilities/CVE-2020-13631/48687", + "cve": "CVE-2020-5215", + "id": "pyup.io-48710", + "more_info_path": "/vulnerabilities/CVE-2020-5215/48710", "specs": [ "<0.8" ], 
@@ -25357,39 +25780,49 @@ }, { "advisory": "Deepcell 0.8 updates its dependency 'TensorFlow' to v2.3.1 to include security fixes.", - "cve": "CVE-2020-9327", - "id": "pyup.io-48711", - "more_info_path": "/vulnerabilities/CVE-2020-9327/48711", + "cve": "CVE-2019-5482", + "id": "pyup.io-48681", + "more_info_path": "/vulnerabilities/CVE-2019-5482/48681", "specs": [ "<0.8" ], "v": "<0.8" }, { - "advisory": "Deepcell 0.9 updates its dependency 'TensorFlow' to v2.4.1 to include security fixes.", - "cve": "CVE-2020-15266", - "id": "pyup.io-48717", - "more_info_path": "/vulnerabilities/CVE-2020-15266/48717", + "advisory": "Deepcell 0.8 updates its dependency 'TensorFlow' to v2.3.1 to include security fixes.", + "cve": "CVE-2020-15207", + "id": "pyup.io-48699", + "more_info_path": "/vulnerabilities/CVE-2020-15207/48699", "specs": [ - "<0.9" + "<0.8" ], - "v": "<0.9" + "v": "<0.8" }, { - "advisory": "Deepcell 0.9 updates its dependency 'TensorFlow' to v2.4.1 to include security fixes.", - "cve": "CVE-2019-20838", - "id": "pyup.io-48712", - "more_info_path": "/vulnerabilities/CVE-2019-20838/48712", + "advisory": "Deepcell 0.8 updates its dependency 'TensorFlow' to v2.3.1 to include security fixes.", + "cve": "CVE-2020-15204", + "id": "pyup.io-48696", + "more_info_path": "/vulnerabilities/CVE-2020-15204/48696", "specs": [ - "<0.9" + "<0.8" ], - "v": "<0.9" + "v": "<0.8" + }, + { + "advisory": "Deepcell 0.8 updates its dependency 'TensorFlow' to v2.3.1 to include security fixes.", + "cve": "CVE-2019-19646", + "id": "pyup.io-48677", + "more_info_path": "/vulnerabilities/CVE-2019-19646/48677", + "specs": [ + "<0.8" + ], + "v": "<0.8" }, { "advisory": "Deepcell 0.9 updates its dependency 'TensorFlow' to v2.4.1 to include security fixes.", - "cve": "CVE-2020-26268", - "id": "pyup.io-48720", - "more_info_path": "/vulnerabilities/CVE-2020-26268/48720", + "cve": "CVE-2019-20838", + "id": "pyup.io-48712", + "more_info_path": "/vulnerabilities/CVE-2019-20838/48712", "specs": [ "<0.9" ], 
@@ -25475,6 +25908,26 @@ ], "v": "<0.9" }, + { + "advisory": "Deepcell 0.9 updates its dependency 'TensorFlow' to v2.4.1 to include security fixes.", + "cve": "CVE-2020-15266", + "id": "pyup.io-48717", + "more_info_path": "/vulnerabilities/CVE-2020-15266/48717", + "specs": [ + "<0.9" + ], + "v": "<0.9" + }, + { + "advisory": "Deepcell 0.9 updates its dependency 'TensorFlow' to v2.4.1 to include security fixes.", + "cve": "CVE-2020-26268", + "id": "pyup.io-48720", + "more_info_path": "/vulnerabilities/CVE-2020-26268/48720", + "specs": [ + "<0.9" + ], + "v": "<0.9" + }, { "advisory": "Deepcell 0.12.0rc2 and prior include a version of TensorFlow (2.8.0) with known vulnerabilities.", "cve": "CVE-2022-35939", @@ -25835,9 +26288,9 @@ }, { "advisory": "Determined 0.17.0rc0 switches from debian:10.3-slim to ubuntu:20.04 and unattended-upgrades, to fix security issues.\r\nhttps://github.com/determined-ai/determined/pull/2914", - "cve": "CVE-2018-12886", - "id": "pyup.io-42148", - "more_info_path": "/vulnerabilities/CVE-2018-12886/42148", + "cve": "CVE-2019-17543", + "id": "pyup.io-45577", + "more_info_path": "/vulnerabilities/CVE-2019-17543/45577", "specs": [ "<0.17.0rc0" ], @@ -25845,9 +26298,9 @@ }, { "advisory": "Determined 0.17.0rc0 switches from debian:10.3-slim to ubuntu:20.04 and unattended-upgrades, to fix security issues.\r\nhttps://github.com/determined-ai/determined/pull/2914", - "cve": "CVE-2019-17543", - "id": "pyup.io-45577", - "more_info_path": "/vulnerabilities/CVE-2019-17543/45577", + "cve": "CVE-2018-12886", + "id": "pyup.io-42148", + "more_info_path": "/vulnerabilities/CVE-2018-12886/42148", "specs": [ "<0.17.0rc0" ], 
@@ -25865,9 +26318,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41202", - "id": "pyup.io-43340", - "more_info_path": "/vulnerabilities/CVE-2021-41202/43340", + "cve": "CVE-2021-41208", + "id": "pyup.io-43334", + "more_info_path": "/vulnerabilities/CVE-2021-41208/43334", "specs": [ "<0.17.4rc0" ], @@ -25875,9 +26328,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41227", - "id": "pyup.io-43323", - "more_info_path": "/vulnerabilities/CVE-2021-41227/43323", + "cve": "CVE-2021-41210", + "id": "pyup.io-43338", + "more_info_path": "/vulnerabilities/CVE-2021-41210/43338", "specs": [ "<0.17.4rc0" ], @@ -25885,9 +26338,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41225", - "id": "pyup.io-43321", - "more_info_path": "/vulnerabilities/CVE-2021-41225/43321", + "cve": "CVE-2021-41214", + "id": "pyup.io-43319", + "more_info_path": "/vulnerabilities/CVE-2021-41214/43319", "specs": [ "<0.17.4rc0" ], @@ -25895,9 +26348,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41196", - "id": "pyup.io-43315", - "more_info_path": "/vulnerabilities/CVE-2021-41196/43315", + "cve": "CVE-2021-41206", + "id": "pyup.io-43335", + "more_info_path": "/vulnerabilities/CVE-2021-41206/43335", "specs": [ "<0.17.4rc0" ], 
@@ -25905,9 +26358,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41204", - "id": "pyup.io-43327", - "more_info_path": "/vulnerabilities/CVE-2021-41204/43327", + "cve": "CVE-2021-41199", + "id": "pyup.io-42944", + "more_info_path": "/vulnerabilities/CVE-2021-41199/42944", "specs": [ "<0.17.4rc0" ], @@ -25915,9 +26368,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41207", - "id": "pyup.io-43339", - "more_info_path": "/vulnerabilities/CVE-2021-41207/43339", + "cve": "CVE-2021-41227", + "id": "pyup.io-43323", + "more_info_path": "/vulnerabilities/CVE-2021-41227/43323", "specs": [ "<0.17.4rc0" ], @@ -25925,9 +26378,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41219", - "id": "pyup.io-43320", - "more_info_path": "/vulnerabilities/CVE-2021-41219/43320", + "cve": "CVE-2021-41200", + "id": "pyup.io-43317", + "more_info_path": "/vulnerabilities/CVE-2021-41200/43317", "specs": [ "<0.17.4rc0" ], @@ -25935,9 +26388,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41199", - "id": "pyup.io-42944", - "more_info_path": "/vulnerabilities/CVE-2021-41199/42944", + "cve": "CVE-2021-41202", + "id": "pyup.io-43340", + "more_info_path": "/vulnerabilities/CVE-2021-41202/43340", "specs": [ "<0.17.4rc0" ], 
@@ -25945,9 +26398,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41215", - "id": "pyup.io-43333", - "more_info_path": "/vulnerabilities/CVE-2021-41215/43333", + "cve": "CVE-2021-41195", + "id": "pyup.io-43343", + "more_info_path": "/vulnerabilities/CVE-2021-41195/43343", "specs": [ "<0.17.4rc0" ], @@ -25955,9 +26408,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41224", - "id": "pyup.io-43330", - "more_info_path": "/vulnerabilities/CVE-2021-41224/43330", + "cve": "CVE-2021-41225", + "id": "pyup.io-43321", + "more_info_path": "/vulnerabilities/CVE-2021-41225/43321", "specs": [ "<0.17.4rc0" ], @@ -25965,9 +26418,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41212", - "id": "pyup.io-43337", - "more_info_path": "/vulnerabilities/CVE-2021-41212/43337", + "cve": "CVE-2021-41204", + "id": "pyup.io-43327", + "more_info_path": "/vulnerabilities/CVE-2021-41204/43327", "specs": [ "<0.17.4rc0" ], @@ -25975,9 +26428,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41228", - "id": "pyup.io-43328", - "more_info_path": "/vulnerabilities/CVE-2021-41228/43328", + "cve": "CVE-2021-41215", + "id": "pyup.io-43333", + "more_info_path": "/vulnerabilities/CVE-2021-41215/43333", "specs": [ "<0.17.4rc0" ], 
@@ -25985,9 +26438,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41210", - "id": "pyup.io-43338", - "more_info_path": "/vulnerabilities/CVE-2021-41210/43338", + "cve": "CVE-2021-41212", + "id": "pyup.io-43337", + "more_info_path": "/vulnerabilities/CVE-2021-41212/43337", "specs": [ "<0.17.4rc0" ], @@ -25995,9 +26448,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41201", - "id": "pyup.io-43341", - "more_info_path": "/vulnerabilities/CVE-2021-41201/43341", + "cve": "CVE-2021-41213", + "id": "pyup.io-43326", + "more_info_path": "/vulnerabilities/CVE-2021-41213/43326", "specs": [ "<0.17.4rc0" ], @@ -26005,9 +26458,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41206", - "id": "pyup.io-43335", - "more_info_path": "/vulnerabilities/CVE-2021-41206/43335", + "cve": "CVE-2021-41216", + "id": "pyup.io-43332", + "more_info_path": "/vulnerabilities/CVE-2021-41216/43332", "specs": [ "<0.17.4rc0" ], @@ -26015,9 +26468,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41221", - "id": "pyup.io-43324", - "more_info_path": "/vulnerabilities/CVE-2021-41221/43324", + "cve": "CVE-2021-41207", + "id": "pyup.io-43339", + "more_info_path": "/vulnerabilities/CVE-2021-41207/43339", "specs": [ "<0.17.4rc0" ], 
@@ -26025,9 +26478,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41213", - "id": "pyup.io-43326", - "more_info_path": "/vulnerabilities/CVE-2021-41213/43326", + "cve": "CVE-2021-41224", + "id": "pyup.io-43330", + "more_info_path": "/vulnerabilities/CVE-2021-41224/43330", "specs": [ "<0.17.4rc0" ], @@ -26035,9 +26488,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41218", - "id": "pyup.io-43331", - "more_info_path": "/vulnerabilities/CVE-2021-41218/43331", + "cve": "CVE-2021-41228", + "id": "pyup.io-43328", + "more_info_path": "/vulnerabilities/CVE-2021-41228/43328", "specs": [ "<0.17.4rc0" ], @@ -26045,9 +26498,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41214", - "id": "pyup.io-43319", - "more_info_path": "/vulnerabilities/CVE-2021-41214/43319", + "cve": "CVE-2021-41201", + "id": "pyup.io-43341", + "more_info_path": "/vulnerabilities/CVE-2021-41201/43341", "specs": [ "<0.17.4rc0" ], @@ -26055,9 +26508,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41216", - "id": "pyup.io-43332", - "more_info_path": "/vulnerabilities/CVE-2021-41216/43332", + "cve": "CVE-2021-41196", + "id": "pyup.io-43315", + "more_info_path": "/vulnerabilities/CVE-2021-41196/43315", "specs": [ "<0.17.4rc0" ], 
@@ -26065,9 +26518,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41205", - "id": "pyup.io-43336", - "more_info_path": "/vulnerabilities/CVE-2021-41205/43336", + "cve": "CVE-2021-41221", + "id": "pyup.io-43324", + "more_info_path": "/vulnerabilities/CVE-2021-41221/43324", "specs": [ "<0.17.4rc0" ], @@ -26075,9 +26528,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41222", - "id": "pyup.io-43329", - "more_info_path": "/vulnerabilities/CVE-2021-41222/43329", + "cve": "CVE-2021-41218", + "id": "pyup.io-43331", + "more_info_path": "/vulnerabilities/CVE-2021-41218/43331", "specs": [ "<0.17.4rc0" ], @@ -26085,9 +26538,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41226", - "id": "pyup.io-43322", - "more_info_path": "/vulnerabilities/CVE-2021-41226/43322", + "cve": "CVE-2021-41219", + "id": "pyup.io-43320", + "more_info_path": "/vulnerabilities/CVE-2021-41219/43320", "specs": [ "<0.17.4rc0" ], @@ -26095,9 +26548,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41198", - "id": "pyup.io-43344", - "more_info_path": "/vulnerabilities/CVE-2021-41198/43344", + "cve": "CVE-2021-41226", + "id": "pyup.io-43322", + "more_info_path": "/vulnerabilities/CVE-2021-41226/43322", "specs": [ "<0.17.4rc0" ], 
@@ -26105,9 +26558,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41208", - "id": "pyup.io-43334", - "more_info_path": "/vulnerabilities/CVE-2021-41208/43334", + "cve": "CVE-2021-41205", + "id": "pyup.io-43336", + "more_info_path": "/vulnerabilities/CVE-2021-41205/43336", "specs": [ "<0.17.4rc0" ], @@ -26115,9 +26568,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41195", - "id": "pyup.io-43343", - "more_info_path": "/vulnerabilities/CVE-2021-41195/43343", + "cve": "CVE-2021-41198", + "id": "pyup.io-43344", + "more_info_path": "/vulnerabilities/CVE-2021-41198/43344", "specs": [ "<0.17.4rc0" ], @@ -26125,9 +26578,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41200", - "id": "pyup.io-43317", - "more_info_path": "/vulnerabilities/CVE-2021-41200/43317", + "cve": "CVE-2021-41209", + "id": "pyup.io-43325", + "more_info_path": "/vulnerabilities/CVE-2021-41209/43325", "specs": [ "<0.17.4rc0" ], @@ -26135,9 +26588,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41209", - "id": "pyup.io-43325", - "more_info_path": "/vulnerabilities/CVE-2021-41209/43325", + "cve": "CVE-2021-41203", + "id": "pyup.io-43316", + "more_info_path": "/vulnerabilities/CVE-2021-41203/43316", "specs": [ "<0.17.4rc0" ], 
@@ -26145,9 +26598,9 @@ }, { "advisory": "Determined 0.17.4rc0 includes images updates (to Tensorflow v2.4.4, v2.5.2 and v2.6.2) to include security fixes.", - "cve": "CVE-2021-41203", - "id": "pyup.io-43316", - "more_info_path": "/vulnerabilities/CVE-2021-41203/43316", + "cve": "CVE-2021-41222", + "id": "pyup.io-43329", + "more_info_path": "/vulnerabilities/CVE-2021-41222/43329", "specs": [ "<0.17.4rc0" ], @@ -26175,9 +26628,9 @@ }, { "advisory": "Determined 0.17.6 updates env images to include security fixes.\r\nhttps://github.com/determined-ai/determined/pull/3415/commits/18fc5278cd589089dd753f687ec606499117029d", - "cve": "CVE-2019-19844", - "id": "pyup.io-54966", - "more_info_path": "/vulnerabilities/CVE-2019-19844/54966", + "cve": "CVE-2019-14234", + "id": "pyup.io-54970", + "more_info_path": "/vulnerabilities/CVE-2019-14234/54970", "specs": [ "<0.17.6" ], @@ -26185,9 +26638,9 @@ }, { "advisory": "Determined 0.17.6 updates env images to include security fixes.\r\nhttps://github.com/determined-ai/determined/pull/3415/commits/18fc5278cd589089dd753f687ec606499117029d", - "cve": "CVE-2019-9512", - "id": "pyup.io-54969", - "more_info_path": "/vulnerabilities/CVE-2019-9512/54969", + "cve": "CVE-2020-10109", + "id": "pyup.io-54967", + "more_info_path": "/vulnerabilities/CVE-2020-10109/54967", "specs": [ "<0.17.6" ], @@ -26215,9 +26668,9 @@ }, { "advisory": "Determined 0.17.6 updates env images to include security fixes.\r\nhttps://github.com/determined-ai/determined/pull/3415/commits/18fc5278cd589089dd753f687ec606499117029d", - "cve": "CVE-2020-10109", - "id": "pyup.io-54967", - "more_info_path": "/vulnerabilities/CVE-2020-10109/54967", + "cve": "CVE-2019-9512", + "id": "pyup.io-54969", + "more_info_path": "/vulnerabilities/CVE-2019-9512/54969", "specs": [ "<0.17.6" ], 
@@ -26225,9 +26678,9 @@ }, { "advisory": "Determined 0.17.6 updates env images to include security fixes.\r\nhttps://github.com/determined-ai/determined/pull/3415/commits/18fc5278cd589089dd753f687ec606499117029d", - "cve": "CVE-2019-14234", - "id": "pyup.io-54970", - "more_info_path": "/vulnerabilities/CVE-2019-14234/54970", + "cve": "CVE-2019-19844", + "id": "pyup.io-54966", + "more_info_path": "/vulnerabilities/CVE-2019-19844/54966", "specs": [ "<0.17.6" ], @@ -26235,9 +26688,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29203", - "id": "pyup.io-49550", - "more_info_path": "/vulnerabilities/CVE-2022-29203/49550", + "cve": "CVE-2022-29200", + "id": "pyup.io-49547", + "more_info_path": "/vulnerabilities/CVE-2022-29200/49547", "specs": [ "<0.18.2" ], @@ -26245,9 +26698,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29202", - "id": "pyup.io-49549", - "more_info_path": "/vulnerabilities/CVE-2022-29202/49549", + "cve": "CVE-2022-29193", + "id": "pyup.io-49540", + "more_info_path": "/vulnerabilities/CVE-2022-29193/49540", "specs": [ "<0.18.2" ], @@ -26255,9 +26708,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29209", - "id": "pyup.io-49556", - "more_info_path": "/vulnerabilities/CVE-2022-29209/49556", + "cve": "CVE-2022-29213", + "id": "pyup.io-49559", + "more_info_path": "/vulnerabilities/CVE-2022-29213/49559", "specs": [ "<0.18.2" ], 
@@ -26265,9 +26718,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29198", - "id": "pyup.io-49545", - "more_info_path": "/vulnerabilities/CVE-2022-29198/49545", + "cve": "CVE-2022-29201", + "id": "pyup.io-49548", + "more_info_path": "/vulnerabilities/CVE-2022-29201/49548", "specs": [ "<0.18.2" ], @@ -26275,9 +26728,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29211", - "id": "pyup.io-49557", - "more_info_path": "/vulnerabilities/CVE-2022-29211/49557", + "cve": "CVE-2022-29196", + "id": "pyup.io-49543", + "more_info_path": "/vulnerabilities/CVE-2022-29196/49543", "specs": [ "<0.18.2" ], @@ -26295,9 +26748,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29191", - "id": "pyup.io-49538", - "more_info_path": "/vulnerabilities/CVE-2022-29191/49538", + "cve": "CVE-2022-29198", + "id": "pyup.io-49545", + "more_info_path": "/vulnerabilities/CVE-2022-29198/49545", "specs": [ "<0.18.2" ], @@ -26305,9 +26758,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29207", - "id": "pyup.io-49554", - "more_info_path": "/vulnerabilities/CVE-2022-29207/49554", + "cve": "CVE-2022-29195", + "id": "pyup.io-49542", + "more_info_path": "/vulnerabilities/CVE-2022-29195/49542", "specs": [ "<0.18.2" ], 
@@ -26315,9 +26768,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-27780", - "id": "pyup.io-49536", - "more_info_path": "/vulnerabilities/CVE-2022-27780/49536", + "cve": "CVE-2022-27781", + "id": "pyup.io-49537", + "more_info_path": "/vulnerabilities/CVE-2022-27781/49537", "specs": [ "<0.18.2" ], @@ -26325,9 +26778,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-27776", - "id": "pyup.io-49532", - "more_info_path": "/vulnerabilities/CVE-2022-27776/49532", + "cve": "CVE-2022-29192", + "id": "pyup.io-49539", + "more_info_path": "/vulnerabilities/CVE-2022-29192/49539", "specs": [ "<0.18.2" ], @@ -26335,9 +26788,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29194", - "id": "pyup.io-49541", - "more_info_path": "/vulnerabilities/CVE-2022-29194/49541", + "cve": "CVE-2022-29199", + "id": "pyup.io-49546", + "more_info_path": "/vulnerabilities/CVE-2022-29199/49546", "specs": [ "<0.18.2" ], @@ -26345,9 +26798,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-30115", - "id": "pyup.io-49561", - "more_info_path": "/vulnerabilities/CVE-2022-30115/49561", + "cve": "CVE-2022-29212", + "id": "pyup.io-49558", + "more_info_path": "/vulnerabilities/CVE-2022-29212/49558", "specs": [ "<0.18.2" ], 
@@ -26355,9 +26808,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-27781", - "id": "pyup.io-49537", - "more_info_path": "/vulnerabilities/CVE-2022-27781/49537", + "cve": "CVE-2022-29194", + "id": "pyup.io-49541", + "more_info_path": "/vulnerabilities/CVE-2022-29194/49541", "specs": [ "<0.18.2" ], @@ -26365,9 +26818,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-22576", - "id": "pyup.io-49529", - "more_info_path": "/vulnerabilities/CVE-2022-22576/49529", + "cve": "CVE-2022-29211", + "id": "pyup.io-49557", + "more_info_path": "/vulnerabilities/CVE-2022-29211/49557", "specs": [ "<0.18.2" ], @@ -26375,9 +26828,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29200", - "id": "pyup.io-49547", - "more_info_path": "/vulnerabilities/CVE-2022-29200/49547", + "cve": "CVE-2022-22576", + "id": "pyup.io-49529", + "more_info_path": "/vulnerabilities/CVE-2022-22576/49529", "specs": [ "<0.18.2" ], @@ -26385,9 +26838,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29193", - "id": "pyup.io-49540", - "more_info_path": "/vulnerabilities/CVE-2022-29193/49540", + "cve": "CVE-2022-30115", + "id": "pyup.io-49561", + "more_info_path": "/vulnerabilities/CVE-2022-30115/49561", "specs": [ "<0.18.2" ], 
@@ -26395,9 +26848,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29213", - "id": "pyup.io-49559", - "more_info_path": "/vulnerabilities/CVE-2022-29213/49559", + "cve": "CVE-2022-27775", + "id": "pyup.io-49531", + "more_info_path": "/vulnerabilities/CVE-2022-27775/49531", "specs": [ "<0.18.2" ], @@ -26405,9 +26858,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-27775", - "id": "pyup.io-49531", - "more_info_path": "/vulnerabilities/CVE-2022-27775/49531", + "cve": "CVE-2022-29204", + "id": "pyup.io-49551", + "more_info_path": "/vulnerabilities/CVE-2022-29204/49551", "specs": [ "<0.18.2" ], @@ -26415,9 +26868,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29192", - "id": "pyup.io-49539", - "more_info_path": "/vulnerabilities/CVE-2022-29192/49539", + "cve": "CVE-2022-29206", + "id": "pyup.io-49553", + "more_info_path": "/vulnerabilities/CVE-2022-29206/49553", "specs": [ "<0.18.2" ], @@ -26425,9 +26878,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29195", - "id": "pyup.io-49542", - "more_info_path": "/vulnerabilities/CVE-2022-29195/49542", + "cve": "CVE-2022-29191", + "id": "pyup.io-49538", + "more_info_path": "/vulnerabilities/CVE-2022-29191/49538", "specs": [ "<0.18.2" ], 
@@ -26435,9 +26888,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29216", - "id": "pyup.io-49560", - "more_info_path": "/vulnerabilities/CVE-2022-29216/49560", + "cve": "CVE-2018-25032", + "id": "pyup.io-49422", + "more_info_path": "/vulnerabilities/CVE-2018-25032/49422", "specs": [ "<0.18.2" ], @@ -26445,9 +26898,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29196", - "id": "pyup.io-49543", - "more_info_path": "/vulnerabilities/CVE-2022-29196/49543", + "cve": "CVE-2022-27780", + "id": "pyup.io-49536", + "more_info_path": "/vulnerabilities/CVE-2022-27780/49536", "specs": [ "<0.18.2" ], @@ -26455,9 +26908,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29208", - "id": "pyup.io-49555", - "more_info_path": "/vulnerabilities/CVE-2022-29208/49555", + "cve": "CVE-2022-29202", + "id": "pyup.io-49549", + "more_info_path": "/vulnerabilities/CVE-2022-29202/49549", "specs": [ "<0.18.2" ], @@ -26465,9 +26918,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-27777", - "id": "pyup.io-49533", - "more_info_path": "/vulnerabilities/CVE-2022-27777/49533", + "cve": "CVE-2022-29205", + "id": "pyup.io-49552", + "more_info_path": "/vulnerabilities/CVE-2022-29205/49552", "specs": [ "<0.18.2" ], 
@@ -26475,9 +26928,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29197", - "id": "pyup.io-49544", - "more_info_path": "/vulnerabilities/CVE-2022-29197/49544", + "cve": "CVE-2022-27774", + "id": "pyup.io-49530", + "more_info_path": "/vulnerabilities/CVE-2022-27774/49530", "specs": [ "<0.18.2" ], @@ -26485,9 +26938,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29206", - "id": "pyup.io-49553", - "more_info_path": "/vulnerabilities/CVE-2022-29206/49553", + "cve": "CVE-2022-29216", + "id": "pyup.io-49560", + "more_info_path": "/vulnerabilities/CVE-2022-29216/49560", "specs": [ "<0.18.2" ], @@ -26495,9 +26948,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-27774", - "id": "pyup.io-49530", - "more_info_path": "/vulnerabilities/CVE-2022-27774/49530", + "cve": "CVE-2022-29208", + "id": "pyup.io-49555", + "more_info_path": "/vulnerabilities/CVE-2022-29208/49555", "specs": [ "<0.18.2" ], @@ -26505,9 +26958,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2018-25032", - "id": "pyup.io-49422", - "more_info_path": "/vulnerabilities/CVE-2018-25032/49422", + "cve": "CVE-2022-29203", + "id": "pyup.io-49550", + "more_info_path": "/vulnerabilities/CVE-2022-29203/49550", "specs": [ "<0.18.2" ], 
@@ -26515,9 +26968,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29205", - "id": "pyup.io-49552", - "more_info_path": "/vulnerabilities/CVE-2022-29205/49552", + "cve": "CVE-2022-29207", + "id": "pyup.io-49554", + "more_info_path": "/vulnerabilities/CVE-2022-29207/49554", "specs": [ "<0.18.2" ], @@ -26525,9 +26978,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29201", - "id": "pyup.io-49548", - "more_info_path": "/vulnerabilities/CVE-2022-29201/49548", + "cve": "CVE-2022-29197", + "id": "pyup.io-49544", + "more_info_path": "/vulnerabilities/CVE-2022-29197/49544", "specs": [ "<0.18.2" ], @@ -26535,9 +26988,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-27778", - "id": "pyup.io-49534", - "more_info_path": "/vulnerabilities/CVE-2022-27778/49534", + "cve": "CVE-2022-27776", + "id": "pyup.io-49532", + "more_info_path": "/vulnerabilities/CVE-2022-27776/49532", "specs": [ "<0.18.2" ], @@ -26545,9 +26998,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29199", - "id": "pyup.io-49546", - "more_info_path": "/vulnerabilities/CVE-2022-29199/49546", + "cve": "CVE-2022-27777", + "id": "pyup.io-49533", + "more_info_path": "/vulnerabilities/CVE-2022-27777/49533", "specs": [ "<0.18.2" ], 
@@ -26555,9 +27008,9 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29204", - "id": "pyup.io-49551", - "more_info_path": "/vulnerabilities/CVE-2022-29204/49551", + "cve": "CVE-2022-27778", + "id": "pyup.io-49534", + "more_info_path": "/vulnerabilities/CVE-2022-27778/49534", "specs": [ "<0.18.2" ], @@ -26565,19 +27018,19 @@ }, { "advisory": "Determined 0.18.2 updates its dependency 'TensorFlow' supported versions to 2.6.5, 2.7.3 and 2.8.2 to include security fixes.", - "cve": "CVE-2022-29212", - "id": "pyup.io-49558", - "more_info_path": "/vulnerabilities/CVE-2022-29212/49558", + "cve": "CVE-2022-29209", + "id": "pyup.io-49556", + "more_info_path": "/vulnerabilities/CVE-2022-29209/49556", "specs": [ "<0.18.2" ], "v": "<0.18.2" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", - "cve": "CVE-2022-0691", - "id": "pyup.io-50981", - "more_info_path": "/vulnerabilities/CVE-2022-0691/50981", + "advisory": "Determined 0.19.3 updates its NPM dependency 'ansi-regex' to v3.0.1 to include a security fix.", + "cve": "CVE-2021-3807", + "id": "pyup.io-50971", + "more_info_path": "/vulnerabilities/CVE-2021-3807/50971", "specs": [ "<0.19.3" ], 
@@ -26594,20 +27047,20 @@ "v": "<0.19.3" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", - "cve": "CVE-2022-0686", - "id": "pyup.io-50980", - "more_info_path": "/vulnerabilities/CVE-2022-0686/50980", + "advisory": "Determined 0.19.3 updates its NPM dependency 'terser' to v4.8.1 to include a security fix.", + "cve": "CVE-2022-25858", + "id": "pyup.io-50977", + "more_info_path": "/vulnerabilities/CVE-2022-25858/50977", "specs": [ "<0.19.3" ], "v": "<0.19.3" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'async' to v2.6.4 to include a security fix.", - "cve": "CVE-2021-43138", - "id": "pyup.io-50972", - "more_info_path": "/vulnerabilities/CVE-2021-43138/50972", + "advisory": "Determined 0.19.3 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", + "cve": "CVE-2022-0639", + "id": "pyup.io-50979", + "more_info_path": "/vulnerabilities/CVE-2022-0639/50979", "specs": [ "<0.19.3" ], 
@@ -26624,40 +27077,40 @@ "v": "<0.19.3" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'ansi-regex' to v3.0.1 to include a security fix.", - "cve": "CVE-2021-3807", - "id": "pyup.io-50971", - "more_info_path": "/vulnerabilities/CVE-2021-3807/50971", + "advisory": "Determined 0.19.3 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", + "cve": "CVE-2022-0686", + "id": "pyup.io-50980", + "more_info_path": "/vulnerabilities/CVE-2022-0686/50980", "specs": [ "<0.19.3" ], "v": "<0.19.3" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'terser' to v4.8.1 to include a security fix.", - "cve": "CVE-2022-25858", - "id": "pyup.io-50977", - "more_info_path": "/vulnerabilities/CVE-2022-25858/50977", + "advisory": "Determined 0.19.3 updates its NPM dependency 'moment' to v2.29.4 to include a security fix.", + "cve": "CVE-2022-31129", + "id": "pyup.io-50976", + "more_info_path": "/vulnerabilities/CVE-2022-31129/50976", "specs": [ "<0.19.3" ], "v": "<0.19.3" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", - "cve": "CVE-2022-0512", - "id": "pyup.io-50982", - "more_info_path": "/vulnerabilities/CVE-2022-0512/50982", + "advisory": "Determined 0.19.3 updates its NPM dependency 'async' to v2.6.4 to include a security fix.", + "cve": "CVE-2021-43138", + "id": "pyup.io-50972", + "more_info_path": "/vulnerabilities/CVE-2021-43138/50972", "specs": [ "<0.19.3" ], "v": "<0.19.3" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'moment' to v2.29.4 to include a security fix.", - "cve": "CVE-2022-31129", - "id": "pyup.io-50976", - "more_info_path": "/vulnerabilities/CVE-2022-31129/50976", + "advisory": "Determined 0.19.3 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", + "cve": "CVE-2022-0691", + "id": "pyup.io-50981", + "more_info_path": "/vulnerabilities/CVE-2022-0691/50981", "specs": [ "<0.19.3" ], 
@@ -26665,29 +27118,29 @@ }, { "advisory": "Determined 0.19.3 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", - "cve": "CVE-2022-0639", - "id": "pyup.io-50979", - "more_info_path": "/vulnerabilities/CVE-2022-0639/50979", + "cve": "CVE-2022-0512", + "id": "pyup.io-50982", + "more_info_path": "/vulnerabilities/CVE-2022-0512/50982", "specs": [ "<0.19.3" ], "v": "<0.19.3" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'eventsource' to v1.1.2 to include a security fix.", - "cve": "CVE-2022-1650", - "id": "pyup.io-50973", - "more_info_path": "/vulnerabilities/CVE-2022-1650/50973", + "advisory": "Determined 0.19.3 updates its NPM dependency 'follow-redirects' to v1.15.1 to include security fixes.", + "cve": "CVE-2022-0155", + "id": "pyup.io-50975", + "more_info_path": "/vulnerabilities/CVE-2022-0155/50975", "specs": [ "<0.19.3" ], "v": "<0.19.3" }, { - "advisory": "Determined 0.19.3 updates its NPM dependency 'follow-redirects' to v1.15.1 to include security fixes.", - "cve": "CVE-2022-0155", - "id": "pyup.io-50975", - "more_info_path": "/vulnerabilities/CVE-2022-0155/50975", + "advisory": "Determined 0.19.3 updates its NPM dependency 'eventsource' to v1.1.2 to include a security fix.", + "cve": "CVE-2022-1650", + "id": "pyup.io-50973", + "more_info_path": "/vulnerabilities/CVE-2022-1650/50973", "specs": [ "<0.19.3" ], @@ -26789,18 +27242,6 @@ "v": "<22.0.0" } ], - "dinero": [ - { - "advisory": "Dinero 0.2.1 updates its dependencies to include security fixes.\r\nhttps://github.com/wilfredinni/dinero/commit/004aa117f33dc90693569f05e392a485c685e96d", - "cve": "PVE-2023-59200", - "id": "pyup.io-59200", - "more_info_path": "/vulnerabilities/PVE-2023-59200/59200", - "specs": [ - "<0.1.8" - ], - "v": "<0.1.8" - } - ], "dirac": [ { "advisory": "Dirac 8.0.0a13 fixes an arbitrary code execution vulnerability in JEncode.\r\nhttps://github.com/DIRACGrid/DIRAC/pull/5810", 
@@ -26846,9 +27287,9 @@ }, { "advisory": "Directory-client-core 7.1.1 updates its dependency 'django' minimum requirement to v3.2.18 to include a security fixes.", - "cve": "CVE-2023-24580", - "id": "pyup.io-58777", - "more_info_path": "/vulnerabilities/CVE-2023-24580/58777", + "cve": "CVE-2022-28347", + "id": "pyup.io-58789", + "more_info_path": "/vulnerabilities/CVE-2022-28347/58789", "specs": [ "<7.1.1" ], @@ -26856,9 +27297,9 @@ }, { "advisory": "Directory-client-core 7.1.1 updates its dependency 'django' minimum requirement to v3.2.18 to include a security fixes.", - "cve": "CVE-2022-28347", - "id": "pyup.io-58789", - "more_info_path": "/vulnerabilities/CVE-2022-28347/58789", + "cve": "CVE-2023-24580", + "id": "pyup.io-58777", + "more_info_path": "/vulnerabilities/CVE-2023-24580/58777", "specs": [ "<7.1.1" ], @@ -26930,9 +27371,9 @@ }, { "advisory": "Directory-constants 21.3.0 updates its 'Django' requirement to '>=2.2.28,<=3.2.13' to include security fixes.", - "cve": "CVE-2022-28346", - "id": "pyup.io-53716", - "more_info_path": "/vulnerabilities/CVE-2022-28346/53716", + "cve": "CVE-2022-28347", + "id": "pyup.io-53724", + "more_info_path": "/vulnerabilities/CVE-2022-28347/53724", "specs": [ "<21.3.0" ], @@ -26940,9 +27381,9 @@ }, { "advisory": "Directory-constants 21.3.0 updates its 'Django' requirement to '>=2.2.28,<=3.2.13' to include security fixes.", - "cve": "CVE-2022-28347", - "id": "pyup.io-53724", - "more_info_path": "/vulnerabilities/CVE-2022-28347/53724", + "cve": "CVE-2022-28346", + "id": "pyup.io-53716", + "more_info_path": "/vulnerabilities/CVE-2022-28346/53716", "specs": [ "<21.3.0" ], 
@@ -26972,9 +27413,9 @@ "directory-healthcheck": [ { "advisory": "Directory-healthcheck 1.1.2 updates its dependency 'Django' to v1.11.22 to include security fixes.", - "cve": "CVE-2009-3695", - "id": "pyup.io-50822", - "more_info_path": "/vulnerabilities/CVE-2009-3695/50822", + "cve": "CVE-2019-12308", + "id": "pyup.io-50826", + "more_info_path": "/vulnerabilities/CVE-2019-12308/50826", "specs": [ "<1.1.2" ], @@ -26982,9 +27423,9 @@ }, { "advisory": "Directory-healthcheck 1.1.2 updates its dependency 'Django' to v1.11.22 to include security fixes.", - "cve": "CVE-2019-12308", - "id": "pyup.io-50826", - "more_info_path": "/vulnerabilities/CVE-2019-12308/50826", + "cve": "CVE-2018-14574", + "id": "pyup.io-50823", + "more_info_path": "/vulnerabilities/CVE-2018-14574/50823", "specs": [ "<1.1.2" ], @@ -26992,9 +27433,9 @@ }, { "advisory": "Directory-healthcheck 1.1.2 updates its dependency 'Django' to v1.11.22 to include security fixes.", - "cve": "CVE-2018-14574", - "id": "pyup.io-50823", - "more_info_path": "/vulnerabilities/CVE-2018-14574/50823", + "cve": "CVE-2017-12794", + "id": "pyup.io-50759", + "more_info_path": "/vulnerabilities/CVE-2017-12794/50759", "specs": [ "<1.1.2" ], @@ -27002,9 +27443,9 @@ }, { "advisory": "Directory-healthcheck 1.1.2 updates its dependency 'Django' to v1.11.22 to include security fixes.", - "cve": "CVE-2019-3498", - "id": "pyup.io-50824", - "more_info_path": "/vulnerabilities/CVE-2019-3498/50824", + "cve": "CVE-2019-6975", + "id": "pyup.io-50825", + "more_info_path": "/vulnerabilities/CVE-2019-6975/50825", "specs": [ "<1.1.2" ], @@ -27012,9 +27453,9 @@ }, { "advisory": "Directory-healthcheck 1.1.2 updates its dependency 'Django' to v1.11.22 to include security fixes.", - "cve": "CVE-2019-12781", - "id": "pyup.io-50827", - "more_info_path": "/vulnerabilities/CVE-2019-12781/50827", + "cve": "CVE-2018-7536", + "id": "pyup.io-50820", + "more_info_path": "/vulnerabilities/CVE-2018-7536/50820", "specs": [ "<1.1.2" ], 
@@ -27022,9 +27463,9 @@ }, { "advisory": "Directory-healthcheck 1.1.2 updates its dependency 'Django' to v1.11.22 to include security fixes.", - "cve": "CVE-2017-12794", - "id": "pyup.io-50759", - "more_info_path": "/vulnerabilities/CVE-2017-12794/50759", + "cve": "CVE-2009-3695", + "id": "pyup.io-50822", + "more_info_path": "/vulnerabilities/CVE-2009-3695/50822", "specs": [ "<1.1.2" ], @@ -27032,9 +27473,9 @@ }, { "advisory": "Directory-healthcheck 1.1.2 updates its dependency 'Django' to v1.11.22 to include security fixes.", - "cve": "CVE-2018-7536", - "id": "pyup.io-50820", - "more_info_path": "/vulnerabilities/CVE-2018-7536/50820", + "cve": "CVE-2019-3498", + "id": "pyup.io-50824", + "more_info_path": "/vulnerabilities/CVE-2019-3498/50824", "specs": [ "<1.1.2" ], @@ -27042,9 +27483,9 @@ }, { "advisory": "Directory-healthcheck 1.1.2 updates its dependency 'Django' to v1.11.22 to include security fixes.", - "cve": "CVE-2018-7537", - "id": "pyup.io-50821", - "more_info_path": "/vulnerabilities/CVE-2018-7537/50821", + "cve": "CVE-2019-12781", + "id": "pyup.io-50827", + "more_info_path": "/vulnerabilities/CVE-2019-12781/50827", "specs": [ "<1.1.2" ], @@ -27052,9 +27493,9 @@ }, { "advisory": "Directory-healthcheck 1.1.2 updates its dependency 'Django' to v1.11.22 to include security fixes.", - "cve": "CVE-2019-6975", - "id": "pyup.io-50825", - "more_info_path": "/vulnerabilities/CVE-2019-6975/50825", + "cve": "CVE-2018-7537", + "id": "pyup.io-50821", + "more_info_path": "/vulnerabilities/CVE-2018-7537/50821", "specs": [ "<1.1.2" ], 
@@ -27428,19 +27869,6 @@ ], "v": "<1.10.8,>=1.11a1,<1.11.5" }, - { - "advisory": "The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by \"http:\\\\\\djangoproject.com.\"", - "cve": "CVE-2014-3730", - "id": "pyup.io-35569", - "more_info_path": "/vulnerabilities/CVE-2014-3730/35569", - "specs": [ - "<1.14.13", - ">=1.5a1,<1.5.8", - ">=1.6a1,<1.6.5", - ">=1.7a1,<1.7b4" - ], - "v": "<1.14.13,>=1.5a1,<1.5.8,>=1.6a1,<1.6.5,>=1.7a1,<1.7b4" - }, { "advisory": "Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie.", "cve": "CVE-2010-3082", @@ -27451,6 +27879,17 @@ ], "v": "<1.2.2" }, + { + "advisory": "Django 1.2.7 and 1.3.1 include a fix for CVE-2011-4139: Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.\r\nhttps://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued", + "cve": "CVE-2011-4139", + "id": "pyup.io-35348", + "more_info_path": "/vulnerabilities/CVE-2011-4139/35348", + "specs": [ + "<1.2.7", + ">=1.3a1,<1.3.1" + ], + "v": "<1.2.7,>=1.3a1,<1.3.1" + }, { "advisory": "The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.", "cve": "CVE-2011-4140", 
@@ -27473,17 +27912,6 @@ ], "v": "<1.2.7,>=1.3a1,<1.3.1" }, - { - "advisory": "Django 1.2.7 and 1.3.1 include a fix for CVE-2011-4139: Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.\r\nhttps://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued", - "cve": "CVE-2011-4139", - "id": "pyup.io-35348", - "more_info_path": "/vulnerabilities/CVE-2011-4139/35348", - "specs": [ - "<1.2.7", - ">=1.3a1,<1.3.1" - ], - "v": "<1.2.7,>=1.3a1,<1.3.1" - }, { "advisory": "django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.", "cve": "CVE-2011-4136", 
@@ -27590,10 +28018,10 @@ "v": "<1.4.13,>=1.5a1,<1.5.8,>=1.6a1,<1.6.5,>=1.7a1,<1.7b4" }, { - "advisory": "Django 1.4.14, 1.5.9, 1.6.6 and 1.7rc3 include a fix for CVE-2014-0481: The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name.", - "cve": "CVE-2014-0481", - "id": "pyup.io-35514", - "more_info_path": "/vulnerabilities/CVE-2014-0481/35514", + "advisory": "Django 1.4.14, 1.5.9, 1.6.6 and 1.7rc3 include a fix for CVE-2014-0482: The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.", + "cve": "CVE-2014-0482", + "id": "pyup.io-35515", + "more_info_path": "/vulnerabilities/CVE-2014-0482/35515", "specs": [ "<1.4.14", ">=1.5a1,<1.5.9", 
@@ -27603,10 +28031,10 @@ "v": "<1.4.14,>=1.5a1,<1.5.9,>=1.6a1,<1.6.6,>=1.7a1,<1.7rc3" }, { - "advisory": "Django 1.4.14, 1.5.9, 1.6.6 and 1.7rc3 include a fix for CVE-2014-0482: The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.", - "cve": "CVE-2014-0482", - "id": "pyup.io-35515", - "more_info_path": "/vulnerabilities/CVE-2014-0482/35515", + "advisory": "The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI. See: CVE-2014-0483.", + "cve": "CVE-2014-0483", + "id": "pyup.io-35516", + "more_info_path": "/vulnerabilities/CVE-2014-0483/35516", "specs": [ "<1.4.14", ">=1.5a1,<1.5.9", 
@@ -27616,10 +28044,10 @@ "v": "<1.4.14,>=1.5a1,<1.5.9,>=1.6a1,<1.6.6,>=1.7a1,<1.7rc3" }, { - "advisory": "The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI. See: CVE-2014-0483.", - "cve": "CVE-2014-0483", - "id": "pyup.io-35516", - "more_info_path": "/vulnerabilities/CVE-2014-0483/35516", + "advisory": "Django 1.4.14, 1.5.9, 1.6.6 and 1.7rc3 include a fix for CVE-2014-0481: The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name.", + "cve": "CVE-2014-0481", + "id": "pyup.io-35514", + "more_info_path": "/vulnerabilities/CVE-2014-0481/35514", "specs": [ "<1.4.14", ">=1.5a1,<1.5.9", 
@@ -27642,10 +28070,10 @@ "v": "<1.4.14,>=1.5a1,<1.5.9,>=1.6a1,<1.6.6,>=1.7a1,<1.7rc3" }, { - "advisory": "Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header.", - "cve": "CVE-2015-0219", - "id": "pyup.io-33070", - "more_info_path": "/vulnerabilities/CVE-2015-0219/33070", + "advisory": "The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a \"\\njavascript:\" URL.", + "cve": "CVE-2015-0220", + "id": "pyup.io-33071", + "more_info_path": "/vulnerabilities/CVE-2015-0220/33071", "specs": [ "<1.4.18", ">=1.6a1,<1.6.10", @@ -27654,10 +28082,10 @@ "v": "<1.4.18,>=1.6a1,<1.6.10,>=1.7a1,<1.7.3" }, { - "advisory": "The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL, related to redirect URLs, as demonstrated by a \"\\njavascript:\" URL.", - "cve": "CVE-2015-0220", - "id": "pyup.io-33071", - "more_info_path": "/vulnerabilities/CVE-2015-0220/33071", + "advisory": "Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header, as demonstrated by an X-Auth_User header.", + "cve": "CVE-2015-0219", + "id": "pyup.io-33070", + "more_info_path": "/vulnerabilities/CVE-2015-0219/33070", "specs": [ "<1.4.18", ">=1.6a1,<1.6.10", 
@@ -27866,10 +28294,10 @@ "v": "<2.2.26,>=3.0a1,<3.2.11,>=4.0a1,<4.0.1" }, { - "advisory": "Django 2.2.26, 3.2.11 and 4.0.1 include a fix for CVE-2021-45116: An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.\r\nhttps://www.djangoproject.com/weblog/2022/jan/04/security-releases/", - "cve": "CVE-2021-45116", - "id": "pyup.io-44427", - "more_info_path": "/vulnerabilities/CVE-2021-45116/44427", + "advisory": "Django 2.2.26, 3.2.11 and 4.0.1 include a fix for CVE-2021-45452: Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.\r\nhttps://www.djangoproject.com/weblog/2022/jan/04/security-releases/", + "cve": "CVE-2021-45452", + "id": "pyup.io-44426", + "more_info_path": "/vulnerabilities/CVE-2021-45452/44426", "specs": [ "<2.2.26", ">=3.0a1,<3.2.11", 
@@ -27878,10 +28306,10 @@ "v": "<2.2.26,>=3.0a1,<3.2.11,>=4.0a1,<4.0.1" }, { - "advisory": "Django 2.2.26, 3.2.11 and 4.0.1 include a fix for CVE-2021-45452: Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1 allows directory traversal if crafted filenames are directly passed to it.\r\nhttps://www.djangoproject.com/weblog/2022/jan/04/security-releases/", - "cve": "CVE-2021-45452", - "id": "pyup.io-44426", - "more_info_path": "/vulnerabilities/CVE-2021-45452/44426", + "advisory": "Django 2.2.26, 3.2.11 and 4.0.1 include a fix for CVE-2021-45116: An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.\r\nhttps://www.djangoproject.com/weblog/2022/jan/04/security-releases/", + "cve": "CVE-2021-45116", + "id": "pyup.io-44427", + "more_info_path": "/vulnerabilities/CVE-2021-45116/44427", "specs": [ "<2.2.26", ">=3.0a1,<3.2.11", 
@@ -28007,6 +28435,18 @@ ], "v": "<3.2.19,>=4.0a1,<4.1.9,>=4.2a1,<4.2.1" }, + { + "advisory": "In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.\r\nhttps://www.djangoproject.com/weblog/2023/jul/03/security-releases", + "cve": "CVE-2023-36053", + "id": "pyup.io-59293", + "more_info_path": "/vulnerabilities/CVE-2023-36053/59293", + "specs": [ + "<3.2.20", + ">=4.0a1,<4.1.10", + ">=4.2a1,<4.2.3" + ], + "v": "<3.2.20,>=4.0a1,<4.1.10,>=4.2a1,<4.2.3" + }, { "advisory": "The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected \"static media files,\" which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL.\r\nhttps://www.djangoproject.com/weblog/2009/jul/28/security/", "cve": "CVE-2009-2659", 
@@ -28090,10 +28530,10 @@ "v": ">=1.11a1,<1.11.23,>=2.0a1,<2.1.11,>=2.2a1,<2.2.4" }, { - "advisory": "Django 1.11.23, 2.1.11 and 2.2.4 include a fix for CVE-2019-14232: If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.", - "cve": "CVE-2019-14232", - "id": "pyup.io-37326", - "more_info_path": "/vulnerabilities/CVE-2019-14232/37326", + "advisory": "Django 1.11.23, 2.1.11 and 2.2.4 include a fix for CVE-2019-14234: Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of \"OR 1=1\" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.", + "cve": "CVE-2019-14234", + "id": "pyup.io-39592", + "more_info_path": "/vulnerabilities/CVE-2019-14234/39592", "specs": [ ">=1.11a1,<1.11.23", ">=2.0a1,<2.1.11", 
@@ -28102,10 +28542,10 @@ "v": ">=1.11a1,<1.11.23,>=2.0a1,<2.1.11,>=2.2a1,<2.2.4" }, { - "advisory": "Django 1.11.23, 2.1.11 and 2.2.4 include a fix for CVE-2019-14234: Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of \"OR 1=1\" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.", - "cve": "CVE-2019-14234", - "id": "pyup.io-39592", - "more_info_path": "/vulnerabilities/CVE-2019-14234/39592", + "advisory": "Django 1.11.23, 2.1.11 and 2.2.4 include a fix for CVE-2019-14232: If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.", + "cve": "CVE-2019-14232", + "id": "pyup.io-37326", + "more_info_path": "/vulnerabilities/CVE-2019-14232/37326", "specs": [ ">=1.11a1,<1.11.23", ">=2.0a1,<2.1.11", 
@@ -28219,6 +28659,19 @@ ], "v": ">=1.5a1,<1.5.2,>=1.6a1,<1.6b2" }, + { + "advisory": "The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by \"http:\\\\\\djangoproject.com.\"", + "cve": "CVE-2014-3730", + "id": "pyup.io-35569", + "more_info_path": "/vulnerabilities/CVE-2014-3730/35569", + "specs": [ + ">=1.5a1,<1.5.8", + ">=1.6a1,<1.6.5", + ">=1.7a1,<1.7b4", + "<1.4.13" + ], + "v": ">=1.5a1,<1.5.8,>=1.6a1,<1.6.5,>=1.7a1,<1.7b4,<1.4.13" + }, { "advisory": "ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries.", "cve": "CVE-2015-0222", @@ -28268,10 +28721,10 @@ "v": ">=1.8.0a1,<1.8.18,>=1.9.0a1,<1.9.13,>=1.10.0a1,<1.10.7" }, { - "advisory": "Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.", - "cve": "CVE-2016-9014", - "id": "pyup.io-33075", - "more_info_path": "/vulnerabilities/CVE-2016-9014/33075", + "advisory": "Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.", + "cve": "CVE-2016-9013", + "id": "pyup.io-33076", + "more_info_path": "/vulnerabilities/CVE-2016-9013/33076", "specs": [ ">=1.8a1,<1.8.16", ">=1.9a1,<1.9.11", 
@@ -28280,10 +28733,10 @@ "v": ">=1.8a1,<1.8.16,>=1.9a1,<1.9.11,>=1.10a1,<1.10.3" }, { - "advisory": "Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the database server by leveraging failure to manually specify a password in the database settings TEST dictionary.", - "cve": "CVE-2016-9013", - "id": "pyup.io-33076", - "more_info_path": "/vulnerabilities/CVE-2016-9013/33076", + "advisory": "Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.", + "cve": "CVE-2016-9014", + "id": "pyup.io-33075", + "more_info_path": "/vulnerabilities/CVE-2016-9014/33075", "specs": [ ">=1.8a1,<1.8.16", ">=1.9a1,<1.9.11", @@ -28910,6 +29363,18 @@ "v": "<1.0" } ], + "django-axes": [ + { + "advisory": "Django-axes 5.20.0 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/jazzband/django-axes/commit/93341a4d04dbb1772e5f9508789f2816e08db789", + "cve": "PVE-2023-60088", + "id": "pyup.io-60088", + "more_info_path": "/vulnerabilities/PVE-2023-60088/60088", + "specs": [ + "<5.20.0" + ], + "v": "<5.20.0" + } + ], "django-basic-auth-ip-whitelist": [ { "advisory": "Django-basic-auth-ip-whitelist 0.3.4 fixes a potential timing attack if basic authentication is enabled.", @@ -29310,9 +29775,9 @@ }, { "advisory": "Django-dsfr 0.6.2 updates its dependency 'Django' to v3.2.12 to include security fixes.", - "cve": "CVE-2021-45452", - "id": "pyup.io-45310", - "more_info_path": "/vulnerabilities/CVE-2021-45452/45310", + "cve": "CVE-2022-23833", + "id": "pyup.io-45309", + "more_info_path": "/vulnerabilities/CVE-2022-23833/45309", "specs": [ "<0.6.2" ], 
@@ -29320,9 +29785,9 @@ }, { "advisory": "Django-dsfr 0.6.2 updates its dependency 'Django' to v3.2.12 to include security fixes.", - "cve": "CVE-2021-45116", - "id": "pyup.io-45311", - "more_info_path": "/vulnerabilities/CVE-2021-45116/45311", + "cve": "CVE-2021-45115", + "id": "pyup.io-45312", + "more_info_path": "/vulnerabilities/CVE-2021-45115/45312", "specs": [ "<0.6.2" ], @@ -29330,9 +29795,9 @@ }, { "advisory": "Django-dsfr 0.6.2 updates its dependency 'Django' to v3.2.12 to include security fixes.", - "cve": "CVE-2022-23833", - "id": "pyup.io-45309", - "more_info_path": "/vulnerabilities/CVE-2022-23833/45309", + "cve": "CVE-2021-45452", + "id": "pyup.io-45310", + "more_info_path": "/vulnerabilities/CVE-2021-45452/45310", "specs": [ "<0.6.2" ], @@ -29340,9 +29805,9 @@ }, { "advisory": "Django-dsfr 0.6.2 updates its dependency 'Django' to v3.2.12 to include security fixes.", - "cve": "CVE-2021-45115", - "id": "pyup.io-45312", - "more_info_path": "/vulnerabilities/CVE-2021-45115/45312", + "cve": "CVE-2021-45116", + "id": "pyup.io-45311", + "more_info_path": "/vulnerabilities/CVE-2021-45116/45311", "specs": [ "<0.6.2" ], 
@@ -29445,14 +29910,24 @@ ], "django-filer": [ { - "advisory": "Django-filer 3.0.0rc2 includes a fix for a XSS vulnerability.\r\nhttps://github.com/django-cms/django-filer/commit/d66a09f68f690b73c0e6011c56bde9852d298440", + "advisory": "Django-filer 3.0.0rc1 includes a fix for a Broken Access Control vulnerability. The staff user without proper permissions cannot browse the filer's folder structure, list files in a folder, add files, and move files and folders by this fix. Also, non-root users only see their own files in unsorted uploads and it shows uncategorized files to the owner or superuser if permissions are active.\r\nhttps://github.com/django-cms/django-filer/pull/1352\r\nhttps://github.com/django-cms/django-filer/commit/43434f7c60320dcfa719742ab84fbe2cfcffb6f1", + "cve": "PVE-2023-59514", + "id": "pyup.io-59514", + "more_info_path": "/vulnerabilities/PVE-2023-59514/59514", + "specs": [ + "<3.0.0rc1" + ], + "v": "<3.0.0rc1" + }, + { + "advisory": "Django-filer 3.0.0rc1 includes a fix for a XSS vulnerability.\r\nhttps://github.com/django-cms/django-filer/pull/1364", "cve": "PVE-2023-59208", "id": "pyup.io-59208", "more_info_path": "/vulnerabilities/PVE-2023-59208/59208", "specs": [ - "<3.0.0rc2" + "<3.0.0rc1" ], - "v": "<3.0.0rc2" + "v": "<3.0.0rc1" } ], "django-filter": [ @@ -29528,9 +30003,9 @@ "django-hashedfilenamestorage": [ { "advisory": "Django-hashedfilenamestorage 2.4 updates Django dependency requirement to >=2.0.8 to include security fixes.", - "cve": "CVE-2018-7537", - "id": "pyup.io-43734", - "more_info_path": "/vulnerabilities/CVE-2018-7537/43734", + "cve": "CVE-2018-14574", + "id": "pyup.io-36802", + "more_info_path": "/vulnerabilities/CVE-2018-14574/36802", "specs": [ "<2.4" ], 
@@ -29538,9 +30013,9 @@ }, { "advisory": "Django-hashedfilenamestorage 2.4 updates Django dependency requirement to >=2.0.8 to include security fixes.", - "cve": "CVE-2018-14574", - "id": "pyup.io-36802", - "more_info_path": "/vulnerabilities/CVE-2018-14574/36802", + "cve": "CVE-2018-7537", + "id": "pyup.io-43734", + "more_info_path": "/vulnerabilities/CVE-2018-7537/43734", "specs": [ "<2.4" ], @@ -30617,6 +31092,16 @@ ], "v": "<0.9" }, + { + "advisory": "Django-newsletter 0.9b1 updates its dependency 'waitress' to v1.4.2 to include security fixes.", + "cve": "CVE-2019-16792", + "id": "pyup.io-43674", + "more_info_path": "/vulnerabilities/CVE-2019-16792/43674", + "specs": [ + "<0.9b1" + ], + "v": "<0.9b1" + }, { "advisory": "Django-newsletter 0.9b1 updates its dependency 'pillow' to v7.0.0 to include security fixes.", "cve": "CVE-2020-5310", @@ -30687,16 +31172,6 @@ ], "v": "<0.9b1" }, - { - "advisory": "Django-newsletter 0.9b1 updates its dependency 'waitress' to v1.4.2 to include security fixes.", - "cve": "CVE-2019-16792", - "id": "pyup.io-43674", - "more_info_path": "/vulnerabilities/CVE-2019-16792/43674", - "specs": [ - "<0.9b1" - ], - "v": "<0.9b1" - }, { "advisory": "Django-newsletter 0.9b1 updates its dependency 'pillow' to v7.0.0 to include security fixes.", "cve": "CVE-2019-19911", @@ -31441,9 +31916,9 @@ }, { "advisory": "Django-spectator 12.0.1 updates its dependency 'pillow' to v9.0.1 to include security fixes.", - "cve": "CVE-2022-24303", - "id": "pyup.io-47772", - "more_info_path": "/vulnerabilities/CVE-2022-24303/47772", + "cve": "CVE-2022-22817", + "id": "pyup.io-47776", + "more_info_path": "/vulnerabilities/CVE-2022-22817/47776", "specs": [ "<12.0.1" ], 
@@ -31461,9 +31936,9 @@ }, { "advisory": "Django-spectator 12.0.1 updates its dependency 'pillow' to v9.0.1 to include security fixes.", - "cve": "CVE-2022-22817", - "id": "pyup.io-47776", - "more_info_path": "/vulnerabilities/CVE-2022-22817/47776", + "cve": "CVE-2022-24303", + "id": "pyup.io-47772", + "more_info_path": "/vulnerabilities/CVE-2022-24303/47772", "specs": [ "<12.0.1" ], @@ -31471,9 +31946,9 @@ }, { "advisory": "Django-spectator 12.0.1 updates its dependency 'pillow' to v9.0.1 to include security fixes.", - "cve": "CVE-2022-22815", - "id": "pyup.io-47780", - "more_info_path": "/vulnerabilities/CVE-2022-22815/47780", + "cve": "CVE-2022-22816", + "id": "pyup.io-47779", + "more_info_path": "/vulnerabilities/CVE-2022-22816/47779", "specs": [ "<12.0.1" ], @@ -31481,9 +31956,9 @@ }, { "advisory": "Django-spectator 12.0.1 updates its dependency 'pillow' to v9.0.1 to include security fixes.", - "cve": "CVE-2022-22816", - "id": "pyup.io-47779", - "more_info_path": "/vulnerabilities/CVE-2022-22816/47779", + "cve": "PVE-2021-44525", + "id": "pyup.io-47777", + "more_info_path": "/vulnerabilities/PVE-2021-44525/47777", "specs": [ "<12.0.1" ], @@ -31491,9 +31966,9 @@ }, { "advisory": "Django-spectator 12.0.1 updates its dependency 'pillow' to v9.0.1 to include security fixes.", - "cve": "PVE-2021-44525", - "id": "pyup.io-47777", - "more_info_path": "/vulnerabilities/PVE-2021-44525/47777", + "cve": "CVE-2022-22815", + "id": "pyup.io-47780", + "more_info_path": "/vulnerabilities/CVE-2022-22815/47780", "specs": [ "<12.0.1" ], @@ -31597,9 +32072,9 @@ "django-termsandconditions": [ { "advisory": "Django-termsandconditions 2.0.10 updates its dependency 'Django' to v3.2.13 to include security fixes.", - "cve": "CVE-2021-45115", - "id": "pyup.io-49674", - "more_info_path": "/vulnerabilities/CVE-2021-45115/49674", + "cve": "CVE-2022-28347", + "id": "pyup.io-49668", + "more_info_path": "/vulnerabilities/CVE-2022-28347/49668", "specs": [ "<2.0.10" ], 
@@ -31607,9 +32082,9 @@ }, { "advisory": "Django-termsandconditions 2.0.10 updates its dependency 'Django' to v3.2.13 to include security fixes.", - "cve": "CVE-2022-22818", - "id": "pyup.io-49670", - "more_info_path": "/vulnerabilities/CVE-2022-22818/49670", + "cve": "CVE-2021-45115", + "id": "pyup.io-49674", + "more_info_path": "/vulnerabilities/CVE-2021-45115/49674", "specs": [ "<2.0.10" ], @@ -31617,9 +32092,9 @@ }, { "advisory": "Django-termsandconditions 2.0.10 updates its dependency 'Django' to v3.2.13 to include security fixes.", - "cve": "CVE-2022-28347", - "id": "pyup.io-49668", - "more_info_path": "/vulnerabilities/CVE-2022-28347/49668", + "cve": "CVE-2022-22818", + "id": "pyup.io-49670", + "more_info_path": "/vulnerabilities/CVE-2022-22818/49670", "specs": [ "<2.0.10" ], @@ -31960,6 +32435,18 @@ "v": "<0.36.1" } ], + "django-url-security": [ + { + "advisory": "Django-url-security 0.0.2 updates its dependency 'mkdocs' to version '1.3.0' to include a fix for a Cross-Site Scripting vulnerability.\r\nhttps://github.com/Edrolo/django-url-security/commit/858bab7be8b5dc7e871c1177ef6a2153d5aea5a4", + "cve": "PVE-2022-47794", + "id": "pyup.io-59457", + "more_info_path": "/vulnerabilities/PVE-2022-47794/59457", + "specs": [ + "<0.0.2" + ], + "v": "<0.0.2" + } + ], "django-urlconf-export": [ { "advisory": "Django-urlconf-export 1.1.1 updates Django to v3.0.7 to include security fixes.", 
@@ -33035,7 +33522,7 @@ ], "dparse": [ { - "advisory": "Dparse 0.5.2 includes a fix for CVE-2022-39280: Dparse in versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed.", + "advisory": "Dparse 0.5.2 includes a fix for CVE-2022-39280: Versions before 0.5.2 contain a regular expression that is vulnerable to a Regular Expression Denial of Service. All the users parsing index server URLs with dparse are impacted by this vulnerability. Users unable to upgrade should avoid passing index server URLs in the source file to be parsed.", "cve": "CVE-2022-39280", "id": "pyup.io-50571", "more_info_path": "/vulnerabilities/CVE-2022-39280/50571", @@ -33133,20 +33620,20 @@ ], "dragonfly-energy": [ { - "advisory": "Dragonfly-energy 1.22.50 updates its dependency 'setuptools' to v65.5.1 to include a security fix.", - "cve": "CVE-2022-40897", - "id": "pyup.io-52576", - "more_info_path": "/vulnerabilities/CVE-2022-40897/52576", + "advisory": "Dragonfly-energy 1.22.50 updates its dependency 'wheel' to v0.38.1 to include a security fix.", + "cve": "CVE-2022-40898", + "id": "pyup.io-52574", + "more_info_path": "/vulnerabilities/CVE-2022-40898/52574", "specs": [ "<1.22.50" ], "v": "<1.22.50" }, { - "advisory": "Dragonfly-energy 1.22.50 updates its dependency 'wheel' to v0.38.1 to include a security fix.", - "cve": "CVE-2022-40898", - "id": "pyup.io-52574", - "more_info_path": "/vulnerabilities/CVE-2022-40898/52574", + "advisory": "Dragonfly-energy 1.22.50 updates its dependency 'setuptools' to v65.5.1 to include a security fix.", + "cve": "CVE-2022-40897", + "id": "pyup.io-52576", + "more_info_path": "/vulnerabilities/CVE-2022-40897/52576", "specs": [ "<1.22.50" ], 
@@ -33155,20 +33642,20 @@ ], "dragonfly-uwg": [ { - "advisory": "Dragonfly-uwg 0.5.294 updates its dependency 'wheel' to v0.38.1 to include a security fix.", - "cve": "CVE-2022-40898", - "id": "pyup.io-52757", - "more_info_path": "/vulnerabilities/CVE-2022-40898/52757", + "advisory": "Dragonfly-uwg 0.5.294 updates its dependency 'setuptools' to v65.5.1 (for python_version>='3.6') to include a security fix.", + "cve": "CVE-2022-40897", + "id": "pyup.io-52765", + "more_info_path": "/vulnerabilities/CVE-2022-40897/52765", "specs": [ "<0.5.294" ], "v": "<0.5.294" }, { - "advisory": "Dragonfly-uwg 0.5.294 updates its dependency 'setuptools' to v65.5.1 (for python_version>='3.6') to include a security fix.", - "cve": "CVE-2022-40897", - "id": "pyup.io-52765", - "more_info_path": "/vulnerabilities/CVE-2022-40897/52765", + "advisory": "Dragonfly-uwg 0.5.294 updates its dependency 'wheel' to v0.38.1 to include a security fix.", + "cve": "CVE-2022-40898", + "id": "pyup.io-52757", + "more_info_path": "/vulnerabilities/CVE-2022-40898/52757", "specs": [ "<0.5.294" ], 
@@ -34114,6 +34601,18 @@ "v": "<0.5.2" } ], + "encord-active": [ + { + "advisory": "Encord-active 0.1.63 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/encord-team/encord-active/pull/508", + "cve": "PVE-2023-59692", + "id": "pyup.io-59692", + "more_info_path": "/vulnerabilities/PVE-2023-59692/59692", + "specs": [ + "<0.1.63" + ], + "v": "<0.1.63" + } + ], "enrocrypt": [ { "advisory": "Enrocrypt 1.1.4 includes a fix for CVE-2021-39182: Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. As a workaround, users can remove the 'MD5' hashing function from the file 'hashing.py'.\r\nhttps://github.com/Morgan-Phoenix/EnroCrypt/security/advisories/GHSA-35m5-8cvj-8783\r\nhttps://github.com/Morgan-Phoenix/EnroCrypt/commit/e652d56ac60eadfc26489ab83927af13a9b9d8ce", @@ -34232,6 +34731,18 @@ "v": "<1.3.0" } ], + "ert": [ + { + "advisory": "Ert 4.5.6 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/equinor/ert/pull/5358", + "cve": "PVE-2023-59960", + "id": "pyup.io-59960", + "more_info_path": "/vulnerabilities/PVE-2023-59960/59960", + "specs": [ + "<4.5.6" + ], + "v": "<4.5.6" + } + ], "ert-storage": [ { "advisory": "Ert-storage 0.1.8 enables token-based security for the 'ert-storage'.", @@ -34292,7 +34803,7 @@ ], "esptool": [ { - "advisory": "esptool before 2.5.0 `digest_secure_bootloader` could produce incorrect digest.", + "advisory": "esptool before 2.5.0 `digest_secure_bootloader` could produce incorrect digest.\r\nhttps://github.com/espressif/esptool/commit/86094717dd887b0db3fb167f186aa40c0ba37729", "cve": "PVE-2021-36328", "id": "pyup.io-36328", "more_info_path": "/vulnerabilities/PVE-2021-36328/36328", 
@@ -34304,7 +34815,7 @@ ], "eth-account": [ { - "advisory": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method\n\nAffected functions:\neth_account._utils.structured_data.validation.TYPE_REGEX", + "advisory": "An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method", "cve": "CVE-2022-1930", "id": "pyup.io-54465", "more_info_path": "/vulnerabilities/CVE-2022-1930/54465", @@ -34539,16 +35050,6 @@ } ], "evennia": [ - { - "advisory": "Evennia 0.8 updates its dependency 'pillow' to v5.2.0 to include security fixes.\r\nhttps://github.com/evennia/evennia/commit/6b7766d2956ae7be19f2cf7be0d43056c0accbb0", - "cve": "CVE-2016-0740", - "id": "pyup.io-52040", - "more_info_path": "/vulnerabilities/CVE-2016-0740/52040", - "specs": [ - "<0.8" - ], - "v": "<0.8" - }, { "advisory": "Evennia 0.8 updates its dependency 'pillow' to v5.2.0 to include security fixes.\r\nhttps://github.com/evennia/evennia/commit/6b7766d2956ae7be19f2cf7be0d43056c0accbb0", "cve": "CVE-2016-3076", @@ -34631,9 +35132,9 @@ }, { "advisory": "Evennia 0.8 updates its dependency 'pillow' to v5.2.0 to include security fixes.\r\nhttps://github.com/evennia/evennia/commit/6b7766d2956ae7be19f2cf7be0d43056c0accbb0", - "cve": "CVE-2016-9190", - "id": "pyup.io-52039", - "more_info_path": "/vulnerabilities/CVE-2016-9190/52039", + "cve": "CVE-2016-0775", + "id": "pyup.io-52041", + "more_info_path": "/vulnerabilities/CVE-2016-0775/52041", "specs": [ "<0.8" ], 
@@ -34641,9 +35142,9 @@ }, { "advisory": "Evennia 0.8 updates its dependency 'pillow' to v5.2.0 to include security fixes.\r\nhttps://github.com/evennia/evennia/commit/6b7766d2956ae7be19f2cf7be0d43056c0accbb0", - "cve": "CVE-2016-0775", - "id": "pyup.io-52041", - "more_info_path": "/vulnerabilities/CVE-2016-0775/52041", + "cve": "CVE-2016-2533", + "id": "pyup.io-52042", + "more_info_path": "/vulnerabilities/CVE-2016-2533/52042", "specs": [ "<0.8" ], @@ -34651,9 +35152,19 @@ }, { "advisory": "Evennia 0.8 updates its dependency 'pillow' to v5.2.0 to include security fixes.\r\nhttps://github.com/evennia/evennia/commit/6b7766d2956ae7be19f2cf7be0d43056c0accbb0", - "cve": "CVE-2016-2533", - "id": "pyup.io-52042", - "more_info_path": "/vulnerabilities/CVE-2016-2533/52042", + "cve": "CVE-2016-0740", + "id": "pyup.io-52040", + "more_info_path": "/vulnerabilities/CVE-2016-0740/52040", + "specs": [ + "<0.8" + ], + "v": "<0.8" + }, + { + "advisory": "Evennia 0.8 updates its dependency 'pillow' to v5.2.0 to include security fixes.\r\nhttps://github.com/evennia/evennia/commit/6b7766d2956ae7be19f2cf7be0d43056c0accbb0", + "cve": "CVE-2016-9190", + "id": "pyup.io-52039", + "more_info_path": "/vulnerabilities/CVE-2016-9190/52039", "specs": [ "<0.8" ], @@ -34781,9 +35292,9 @@ "exasol-bucketfs": [ { "advisory": "Exasol-bucketfs 0.8.0 updates its dependency 'cryptography' to include security fixes.", - "cve": "CVE-2023-23931", - "id": "pyup.io-53776", - "more_info_path": "/vulnerabilities/CVE-2023-23931/53776", + "cve": "CVE-2023-0286", + "id": "pyup.io-53774", + "more_info_path": "/vulnerabilities/CVE-2023-0286/53774", "specs": [ "<0.8.0" ], 
@@ -34791,9 +35302,9 @@ }, { "advisory": "Exasol-bucketfs 0.8.0 updates its dependency 'cryptography' to include security fixes.", - "cve": "CVE-2023-0286", - "id": "pyup.io-53774", - "more_info_path": "/vulnerabilities/CVE-2023-0286/53774", + "cve": "CVE-2023-23931", + "id": "pyup.io-53776", + "more_info_path": "/vulnerabilities/CVE-2023-23931/53776", "specs": [ "<0.8.0" ], @@ -34812,6 +35323,38 @@ "v": "<0.9.0" } ], + "exchanges-wrapper": [ + { + "advisory": "Exchanges-wrapper 1.3.4 updates its dependency 'grpcio' to version '1.56.0' to include a fix for a Connection Confusion vulnerability.\r\nhttps://github.com/DogsTailFarmer/exchanges-wrapper/commit/f679262b648bdf08d4fa4e4f071a12562c25a54a\r\nhttps://github.com/advisories/GHSA-cfgp-2977-2fmm", + "cve": "CVE-2023-32731", + "id": "pyup.io-59871", + "more_info_path": "/vulnerabilities/CVE-2023-32731/59871", + "specs": [ + "<1.3.4" + ], + "v": "<1.3.4" + }, + { + "advisory": "Exchanges-wrapper 1.3.4 updates its dependency 'grpcio' to version '1.56.0' to include a fix for a Connection Termination vulnerability.\r\nhttps://github.com/DogsTailFarmer/exchanges-wrapper/commit/f679262b648bdf08d4fa4e4f071a12562c25a54a\r\nhttps://github.com/advisories/GHSA-9hxf-ppjv-w6rq", + "cve": "CVE-2023-32732", + "id": "pyup.io-59870", + "more_info_path": "/vulnerabilities/CVE-2023-32732/59870", + "specs": [ + "<1.3.4" + ], + "v": "<1.3.4" + }, + { + "advisory": "Exchanges-wrapper 1.3.4 updates its dependency 'grpcio' to version '1.56.0' to include a fix for a Reachable Assertion vulnerability.\r\nhttps://github.com/DogsTailFarmer/exchanges-wrapper/commit/f679262b648bdf08d4fa4e4f071a12562c25a54a\r\nhttps://github.com/advisories/GHSA-6628-q6j9-w8vg", + "cve": "CVE-2023-1428", + "id": "pyup.io-59519", + "more_info_path": "/vulnerabilities/CVE-2023-1428/59519", + "specs": [ + "<1.3.4" + ], + "v": "<1.3.4" + } + ], "exgrex-py": [ { "advisory": "Exgrex-py 0.3a2 updates its dependency 'bleach' to v3.3.0 to include a security fix.", 
@@ -35238,14 +35781,14 @@ ], "falocalrepo": [ { - "advisory": "Falocalrepo 4.3.4 updates its dependency 'faapi' to v3.7.4 to include a security fix.", - "cve": "CVE-2022-2309", - "id": "pyup.io-50141", - "more_info_path": "/vulnerabilities/CVE-2022-2309/50141", + "advisory": "Falocalrepo 4.3.1 updates its dependency 'falocalrepo-server' to version '3.2.2' to include a fix for a vulnerability.\r\nhttps://github.com/FurryCoders/FALocalRepo/commit/807d2e9e47dcb3ec5cf21569025b9053e2b958b3", + "cve": "CVE-2022-30595", + "id": "pyup.io-59842", + "more_info_path": "/vulnerabilities/CVE-2022-30595/59842", "specs": [ - "<4.3.4" + "<4.3.1" ], - "v": "<4.3.4" + "v": "<4.3.1" }, { "advisory": "Falocalrepo 4.3.4 updates its dependency 'falocalrepo-server' to v3.2.7 to include a security fix.", @@ -35257,6 +35800,16 @@ ], "v": "<4.3.4" }, + { + "advisory": "Falocalrepo 4.3.4 updates its dependency 'faapi' to v3.7.4 to include a security fix.", + "cve": "CVE-2022-2309", + "id": "pyup.io-50141", + "more_info_path": "/vulnerabilities/CVE-2022-2309/50141", + "specs": [ + "<4.3.4" + ], + "v": "<4.3.4" + }, { "advisory": "Falocalrepo 4.4.4 updates its dependency 'requests' minimum requirement to 2.31.0 to include a security fix.", "cve": "CVE-2023-32681", @@ -35314,6 +35867,18 @@ "v": "<1.2.1" } ], + "farm-haystack": [ + { + "advisory": "Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 1.15.0.\r\n\r\nAlias:\r\nGHSA-w7qg-j435-78qw", + "cve": "CVE-2023-1712", + "id": "pyup.io-59567", + "more_info_path": "/vulnerabilities/CVE-2023-1712/59567", + "specs": [ + "<=1.15.0" + ], + "v": "<=1.15.0" + } + ], "fast-curator": [ { "advisory": "Fast-curator 0.2.2 switches to pyyaml `safe_load` for better security.", 
@@ -35377,16 +35942,6 @@ ], "v": "<0.65.2" }, - { - "advisory": "Fastapi 0.75.2 updates its NPM dependency 'swagger-ui' to include security fixes.", - "cve": "CVE-2021-46708", - "id": "pyup.io-48161", - "more_info_path": "/vulnerabilities/CVE-2021-46708/48161", - "specs": [ - "<0.75.2" - ], - "v": "<0.75.2" - }, { "advisory": "Fastapi 0.75.2 updates its NPM dependency 'swagger-ui' to include security fixes.", "cve": "CVE-2018-25031", @@ -35407,6 +35962,16 @@ ], "v": "<0.75.2" }, + { + "advisory": "Fastapi 0.75.2 updates its NPM dependency 'swagger-ui' to include security fixes.", + "cve": "CVE-2021-46708", + "id": "pyup.io-48161", + "more_info_path": "/vulnerabilities/CVE-2021-46708/48161", + "specs": [ + "<0.75.2" + ], + "v": "<0.75.2" + }, { "advisory": "Fastapi 0.92.0 updates its dependency 'Starlette' to v0.25.0 to include a security fix.", "cve": "CVE-2023-30798", @@ -35521,9 +36086,9 @@ }, { "advisory": "Fastapi-login 1.9.0 updates its dependency 'cryptography' to v39.0.2 to include security fixes. Note that this is now an optional dependency.", - "cve": "CVE-2023-0401", - "id": "pyup.io-53886", - "more_info_path": "/vulnerabilities/CVE-2023-0401/53886", + "cve": "CVE-2023-0217", + "id": "pyup.io-53893", + "more_info_path": "/vulnerabilities/CVE-2023-0217/53893", "specs": [ "<1.9.0" ], @@ -35531,9 +36096,9 @@ }, { "advisory": "Fastapi-login 1.9.0 updates its dependency 'cryptography' to v39.0.2 to include security fixes. Note that this is now an optional dependency.", - "cve": "CVE-2023-0286", - "id": "pyup.io-53892", - "more_info_path": "/vulnerabilities/CVE-2023-0286/53892", + "cve": "CVE-2022-4304", + "id": "pyup.io-53895", + "more_info_path": "/vulnerabilities/CVE-2022-4304/53895", "specs": [ "<1.9.0" ], 
@@ -35541,9 +36106,9 @@ }, { "advisory": "Fastapi-login 1.9.0 updates its dependency 'cryptography' to v39.0.2 to include security fixes. Note that this is now an optional dependency.", - "cve": "CVE-2023-0217", - "id": "pyup.io-53893", - "more_info_path": "/vulnerabilities/CVE-2023-0217/53893", + "cve": "CVE-2023-0286", + "id": "pyup.io-53892", + "more_info_path": "/vulnerabilities/CVE-2023-0286/53892", "specs": [ "<1.9.0" ], @@ -35551,9 +36116,9 @@ }, { "advisory": "Fastapi-login 1.9.0 updates its dependency 'cryptography' to v39.0.2 to include security fixes. Note that this is now an optional dependency.", - "cve": "CVE-2023-0215", - "id": "pyup.io-53894", - "more_info_path": "/vulnerabilities/CVE-2023-0215/53894", + "cve": "CVE-2023-0401", + "id": "pyup.io-53886", + "more_info_path": "/vulnerabilities/CVE-2023-0401/53886", "specs": [ "<1.9.0" ], @@ -35561,9 +36126,9 @@ }, { "advisory": "Fastapi-login 1.9.0 updates its dependency 'cryptography' to v39.0.2 to include security fixes. Note that this is now an optional dependency.", - "cve": "CVE-2022-4304", - "id": "pyup.io-53895", - "more_info_path": "/vulnerabilities/CVE-2022-4304/53895", + "cve": "CVE-2023-0215", + "id": "pyup.io-53894", + "more_info_path": "/vulnerabilities/CVE-2023-0215/53894", "specs": [ "<1.9.0" ], @@ -35972,6 +36537,18 @@ "v": ">0" } ], + "ffmpeg-normalize": [ + { + "advisory": "Ffmpeg-normalize 1.24.0 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/slhck/ffmpeg-normalize/commit/daf1bf15dde81e5916b8fb4c7853c833e89328f9", + "cve": "PVE-2023-59831", + "id": "pyup.io-59831", + "more_info_path": "/vulnerabilities/PVE-2023-59831/59831", + "specs": [ + "<1.24.0" + ], + "v": "<1.24.0" + } + ], "fhir-pyrate": [ { "advisory": "Fhir-pyrate 0.2.0 requires 'numpy' versions '^1.22' to include security fixes.", 
@@ -36456,7 +37033,7 @@ "v": "<0.6.1" }, { - "advisory": "Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches 'Set-Cookie' headers, it may send one client's 'session' cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.\n\n1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.\n2. The application sets 'session.permanent = True'\n3. The application does not access or modify the session at any point during a request.\n4. 'SESSION_REFRESH_EACH_REQUEST' enabled (the default).\n5. The application does not set a 'Cache-Control' header to indicate that a page is private or should not be cached.\n\nThis happens because vulnerable versions of Flask only set the 'Vary: Cookie' header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.", + "advisory": "Flask 2.2.5 and 2.3.2 include a fix for CVE-2023-30861: When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches 'Set-Cookie' headers, it may send one client's 'session' cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met. 1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies. 2. The application sets 'session.permanent = True' 3. 
The application does not access or modify the session at any point during a request. 4. 'SESSION_REFRESH_EACH_REQUEST' enabled (the default). 5. The application does not set a 'Cache-Control' header to indicate that a page is private or should not be cached. This happens because vulnerable versions of Flask only set the 'Vary: Cookie' header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified.\r\nhttps://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq", "cve": "CVE-2023-30861", "id": "pyup.io-55261", "more_info_path": "/vulnerabilities/CVE-2023-30861/55261", @@ -37321,10 +37898,20 @@ "v": "<1.1.0" }, { - "advisory": "Flytekit 1.2.0 updates its dependency 'oauthlib' to v3.2.1 to include a security fix.", - "cve": "CVE-2022-36087", - "id": "pyup.io-51333", - "more_info_path": "/vulnerabilities/CVE-2022-36087/51333", + "advisory": "Flytekit 1.2.0 updates its dependency 'cookiecutter' to v2.1.1 to include a security fix.", + "cve": "CVE-2022-24065", + "id": "pyup.io-51331", + "more_info_path": "/vulnerabilities/CVE-2022-24065/51331", + "specs": [ + "<1.2.0" + ], + "v": "<1.2.0" + }, + { + "advisory": "Flytekit 1.2.0 updates its dependency 'lxml' to v4.9.1 to include a security fix.", + "cve": "CVE-2022-2309", + "id": "pyup.io-51327", + "more_info_path": "/vulnerabilities/CVE-2022-2309/51327", "specs": [ "<1.2.0" ], @@ -37351,10 +37938,10 @@ "v": "<1.2.0" }, { - "advisory": "Flytekit 1.2.0 updates its dependency 'pyspark' to v3.3.0 to include a security fix.", - "cve": "CVE-2022-33891", - "id": "pyup.io-51332", - "more_info_path": "/vulnerabilities/CVE-2022-33891/51332", + "advisory": "Flytekit 1.2.0 updates its dependency 'oauthlib' to v3.2.1 to include a security fix.", + "cve": "CVE-2022-36087", + "id": "pyup.io-51333", + "more_info_path": "/vulnerabilities/CVE-2022-36087/51333", "specs": [ "<1.2.0" ], 
@@ -37371,20 +37958,10 @@ "v": "<1.2.0" }, { - "advisory": "Flytekit 1.2.0 updates its dependency 'lxml' to v4.9.1 to include a security fix.", - "cve": "CVE-2022-2309", - "id": "pyup.io-51327", - "more_info_path": "/vulnerabilities/CVE-2022-2309/51327", - "specs": [ - "<1.2.0" - ], - "v": "<1.2.0" - }, - { - "advisory": "Flytekit 1.2.0 updates its dependency 'cookiecutter' to v2.1.1 to include a security fix.", - "cve": "CVE-2022-24065", - "id": "pyup.io-51331", - "more_info_path": "/vulnerabilities/CVE-2022-24065/51331", + "advisory": "Flytekit 1.2.0 updates its dependency 'pyspark' to v3.3.0 to include a security fix.", + "cve": "CVE-2022-33891", + "id": "pyup.io-51332", + "more_info_path": "/vulnerabilities/CVE-2022-33891/51332", "specs": [ "<1.2.0" ], @@ -37486,6 +38063,16 @@ ], "v": "<1.3.0a3" }, + { + "advisory": "Fractal-server 1.3.0a3 updates its dependency 'cryptography' to version '41.0.1' to include a security fix.\r\nhttps://github.com/fractal-analytics-platform/fractal-server/pull/739/commits/ec5bbd57acabf5a1fc357cfb96c21e059c619475", + "cve": "CVE-2023-2650", + "id": "pyup.io-59002", + "more_info_path": "/vulnerabilities/CVE-2023-2650/59002", + "specs": [ + "<1.3.0a3" + ], + "v": "<1.3.0a3" + }, { "advisory": "Fractal-server 1.3.0a3 updates its dependency 'pymdown-extensions' to version '10.0.1' to include a security fix.\r\nhttps://github.com/fractal-analytics-platform/fractal-server/pull/723", "cve": "CVE-2023-32309", @@ -37505,16 +38092,6 @@ "<1.3.0a3" ], "v": "<1.3.0a3" - }, - { - "advisory": "Fractal-server 1.3.0a3 updates its dependency 'cryptography' to version '41.0.1' to include a security fix.\r\nhttps://github.com/fractal-analytics-platform/fractal-server/pull/739/commits/ec5bbd57acabf5a1fc357cfb96c21e059c619475", - "cve": "CVE-2023-2650", - "id": "pyup.io-59002", - "more_info_path": "/vulnerabilities/CVE-2023-2650/59002", - "specs": [ - "<1.3.0a3" - ], - "v": "<1.3.0a3" } ], "freeipa": [ 
@@ -37768,9 +38345,9 @@ }, { "advisory": "Ftw.recipe.solr 1.3.6 fixes a system property for Log4j configuration file to be compatible with secure versions of this package.", - "cve": "CVE-2021-45105", - "id": "pyup.io-43440", - "more_info_path": "/vulnerabilities/CVE-2021-45105/43440", + "cve": "CVE-2021-45046", + "id": "pyup.io-43396", + "more_info_path": "/vulnerabilities/CVE-2021-45046/43396", "specs": [ "<1.3.6" ], @@ -37778,9 +38355,9 @@ }, { "advisory": "Ftw.recipe.solr 1.3.6 fixes a system property for Log4j configuration file to be compatible with secure versions of this package.", - "cve": "CVE-2021-45046", - "id": "pyup.io-43396", - "more_info_path": "/vulnerabilities/CVE-2021-45046/43396", + "cve": "CVE-2021-45105", + "id": "pyup.io-43440", + "more_info_path": "/vulnerabilities/CVE-2021-45105/43440", "specs": [ "<1.3.6" ], 
@@ -37809,6 +38386,38 @@ "v": "<1.0.7" } ], + "fundaml": [ + { + "advisory": "Fundaml 0.1.32 updates its dependency 'ipython' to version '8.10.0' to include a fix for a Remote Code Execution vulnerability.\r\nhttps://github.com/tzoght/fundaml/commit/02e60c4d8474aa673f02a65556fef2382fe4cf16", + "cve": "CVE-2023-24816", + "id": "pyup.io-59401", + "more_info_path": "/vulnerabilities/CVE-2023-24816/59401", + "specs": [ + "<0.1.32" + ], + "v": "<0.1.32" + }, + { + "advisory": "Fundaml 0.1.32 updates its dependency 'setuptools' to version '65.5.1' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/tzoght/fundaml/commit/95aeda8943821f08e322cf77b4411047afba861e", + "cve": "CVE-2022-40897", + "id": "pyup.io-59397", + "more_info_path": "/vulnerabilities/CVE-2022-40897/59397", + "specs": [ + "<0.1.32" + ], + "v": "<0.1.32" + }, + { + "advisory": "Fundaml 0.1.32 updates its dependency 'tornado' to version '6.3.2' to include a fix for an Open Redirect vulnerability.\r\nhttps://github.com/tzoght/fundaml/commit/b892b169d7156c2470d266e874e877ba41e40d5e", + "cve": "CVE-2023-28370", + "id": "pyup.io-59402", + "more_info_path": "/vulnerabilities/CVE-2023-28370/59402", + "specs": [ + "<0.1.32" + ], + "v": "<0.1.32" + } + ], "fundnsf": [ { "advisory": "Fundnsf 0.0.32 updates requests to v2.20.0 for including a security fix.", 
@@ -37985,7 +38594,7 @@ "v": "<1.11.0" }, { - "advisory": "The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.", + "advisory": "Gdal 1.11.0 applies a patch for CVE-2013-6629 in the JPEG driver.", "cve": "CVE-2013-6629", "id": "pyup.io-42374", "more_info_path": "/vulnerabilities/CVE-2013-6629/42374", @@ -38005,20 +38614,20 @@ "v": "<2.3.0" }, { - "advisory": "Gdal 2.3.0 drops support for PostgreSQL client library older than 7.4, or non security maintained releases older than 8.1.4, 8.0.8, 7.4.13, 7.3.15.", - "cve": "CVE-2006-2314", - "id": "pyup.io-42372", - "more_info_path": "/vulnerabilities/CVE-2006-2314/42372", + "advisory": "Gdal 2.3.0 includes more than 1000 fixes for issues/vulnerabilities found by OSS-Fuzz, that lead to, at least, DoS.", + "cve": "PVE-2021-42371", + "id": "pyup.io-42371", + "more_info_path": "/vulnerabilities/PVE-2021-42371/42371", "specs": [ "<2.3.0" ], "v": "<2.3.0" }, { - "advisory": "Gdal 2.3.0 includes more than 1000 fixes for issues/vulnerabilities found by OSS-Fuzz, that lead to, at least, DoS.", - "cve": "PVE-2021-42371", - "id": "pyup.io-42371", - "more_info_path": "/vulnerabilities/PVE-2021-42371/42371", + "advisory": "Gdal 2.3.0 drops support for PostgreSQL client library older than 7.4, or non security maintained releases older than 8.1.4, 8.0.8, 7.4.13, 7.3.15.", + "cve": "CVE-2006-2314", + "id": "pyup.io-42372", + "more_info_path": "/vulnerabilities/CVE-2006-2314/42372", "specs": [ "<2.3.0" ], 
@@ -38252,6 +38861,16 @@ "<2.8.1" ], "v": "<2.8.1" + }, + { + "advisory": "GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.\r\n\r\nAlias(es):\r\nGHSA-mcmc-c59m-pqq8\r\nPYSEC-2023-15", + "cve": "CVE-2023-26043", + "id": "pyup.io-59545", + "more_info_path": "/vulnerabilities/CVE-2023-26043/59545", + "specs": [ + "<4.0.3" + ], + "v": "<4.0.3" } ], "geonode-oauth-toolkit": [ @@ -38266,6 +38885,18 @@ "v": "<0.8.0" } ], + "geoshape": [ + { + "advisory": "Geoshape 1.7.11 and prior versions rely on Geonode 1.4, which is vulnerable to CVE-2023-26043.", + "cve": "CVE-2023-26043", + "id": "pyup.io-59550", + "more_info_path": "/vulnerabilities/CVE-2023-26043/59550", + "specs": [ + "<=1.7.11" + ], + "v": "<=1.7.11" + } + ], "gequests": [ { "advisory": "Gequests is a malicious package, typosquatting the popular Python 'requests' library. It embeds source code that retrieves a Golang-based ransomware binary from a remote server.\r\nhttps://thehackernews.com/2022/12/malware-strains-targeting-python-and.html", @@ -39202,16 +39833,6 @@ ], "v": "<1.3.8" }, - { - "advisory": "Google-images-search 1.3.8 updates its dependency 'Pillow' to version 8.1.1 to include security fixes.", - "cve": "CVE-2021-25291", - "id": "pyup.io-43483", - "more_info_path": "/vulnerabilities/CVE-2021-25291/43483", - "specs": [ - "<1.3.8" - ], - "v": "<1.3.8" - }, { "advisory": "Google-images-search 1.3.8 updates its dependency 'Pillow' to version 8.1.1 to include security fixes.", "cve": "CVE-2021-25293", 
@@ -39261,6 +39882,16 @@ "<1.3.8" ], "v": "<1.3.8" + }, + { + "advisory": "Google-images-search 1.3.8 updates its dependency 'Pillow' to version 8.1.1 to include security fixes.", + "cve": "CVE-2021-25291", + "id": "pyup.io-43483", + "more_info_path": "/vulnerabilities/CVE-2021-25291/43483", + "specs": [ + "<1.3.8" + ], + "v": "<1.3.8" } ], "gordo": [ @@ -39284,6 +39915,16 @@ ], "v": "<0.4.0" }, + { + "advisory": "Gordo 0.67.0 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/equinor/gordo/pull/1045", + "cve": "PVE-2023-59600", + "id": "pyup.io-59600", + "more_info_path": "/vulnerabilities/PVE-2023-59600/59600", + "specs": [ + "<0.67.0" + ], + "v": "<0.67.0" + }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", "cve": "CVE-2022-23591", @@ -39306,9 +39947,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23563", - "id": "pyup.io-51204", - "more_info_path": "/vulnerabilities/CVE-2022-23563/51204", + "cve": "CVE-2022-23576", + "id": "pyup.io-51217", + "more_info_path": "/vulnerabilities/CVE-2022-23576/51217", "specs": [ "<1.12.0" ], @@ -39316,9 +39957,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23582", - "id": "pyup.io-51222", - "more_info_path": "/vulnerabilities/CVE-2022-23582/51222", + "cve": "CVE-2022-21725", + "id": "pyup.io-51180", + "more_info_path": "/vulnerabilities/CVE-2022-21725/51180", "specs": [ "<1.12.0" ], 
@@ -39326,9 +39967,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23562", - "id": "pyup.io-51203", - "more_info_path": "/vulnerabilities/CVE-2022-23562/51203", + "cve": "CVE-2022-23564", + "id": "pyup.io-51205", + "more_info_path": "/vulnerabilities/CVE-2022-23564/51205", "specs": [ "<1.12.0" ], @@ -39336,9 +39977,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-21734", - "id": "pyup.io-51189", - "more_info_path": "/vulnerabilities/CVE-2022-21734/51189", + "cve": "CVE-2022-21741", + "id": "pyup.io-51196", + "more_info_path": "/vulnerabilities/CVE-2022-21741/51196", "specs": [ "<1.12.0" ], @@ -39346,9 +39987,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23575", - "id": "pyup.io-51216", - "more_info_path": "/vulnerabilities/CVE-2022-23575/51216", + "cve": "CVE-2022-23579", + "id": "pyup.io-51220", + "more_info_path": "/vulnerabilities/CVE-2022-23579/51220", "specs": [ "<1.12.0" ], @@ -39356,9 +39997,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23567", - "id": "pyup.io-51208", - "more_info_path": "/vulnerabilities/CVE-2022-23567/51208", + "cve": "CVE-2022-23575", + "id": "pyup.io-51216", + "more_info_path": "/vulnerabilities/CVE-2022-23575/51216", "specs": [ "<1.12.0" ], 
@@ -39376,9 +40017,29 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-21733", - "id": "pyup.io-51188", - "more_info_path": "/vulnerabilities/CVE-2022-21733/51188", + "cve": "CVE-2022-23589", + "id": "pyup.io-51229", + "more_info_path": "/vulnerabilities/CVE-2022-23589/51229", + "specs": [ + "<1.12.0" + ], + "v": "<1.12.0" + }, + { + "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", + "cve": "CVE-2022-23562", + "id": "pyup.io-51203", + "more_info_path": "/vulnerabilities/CVE-2022-23562/51203", + "specs": [ + "<1.12.0" + ], + "v": "<1.12.0" + }, + { + "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", + "cve": "CVE-2022-21734", + "id": "pyup.io-51189", + "more_info_path": "/vulnerabilities/CVE-2022-21734/51189", "specs": [ "<1.12.0" ], 
@@ -39394,6 +40055,96 @@ ], "v": "<1.12.0" }, + { + "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", + "cve": "CVE-2022-23557", + "id": "pyup.io-51198", + "more_info_path": "/vulnerabilities/CVE-2022-23557/51198", + "specs": [ + "<1.12.0" + ], + "v": "<1.12.0" + }, + { + "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", + "cve": "CVE-2022-21732", + "id": "pyup.io-51187", + "more_info_path": "/vulnerabilities/CVE-2022-21732/51187", + "specs": [ + "<1.12.0" + ], + "v": "<1.12.0" + }, + { + "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", + "cve": "CVE-2022-23574", + "id": "pyup.io-51215", + "more_info_path": "/vulnerabilities/CVE-2022-23574/51215", + "specs": [ + "<1.12.0" + ], + "v": "<1.12.0" + }, + { + "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", + "cve": "CVE-2022-23569", + "id": "pyup.io-51210", + "more_info_path": "/vulnerabilities/CVE-2022-23569/51210", + "specs": [ + "<1.12.0" + ], + "v": "<1.12.0" + }, + { + "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", + "cve": "CVE-2022-23563", + "id": "pyup.io-51204", + "more_info_path": "/vulnerabilities/CVE-2022-23563/51204", + "specs": [ + "<1.12.0" + ], + "v": "<1.12.0" + }, + { + "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", + "cve": "CVE-2022-23578", + "id": "pyup.io-51219", + "more_info_path": "/vulnerabilities/CVE-2022-23578/51219", + "specs": [ + "<1.12.0" + ], + "v": "<1.12.0" + }, + { + "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", + "cve": "CVE-2022-23582", + "id": "pyup.io-51222", + "more_info_path": 
"/vulnerabilities/CVE-2022-23582/51222", + "specs": [ + "<1.12.0" + ], + "v": "<1.12.0" + }, + { + "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", + "cve": "CVE-2022-23567", + "id": "pyup.io-51208", + "more_info_path": "/vulnerabilities/CVE-2022-23567/51208", + "specs": [ + "<1.12.0" + ], + "v": "<1.12.0" + }, + { + "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", + "cve": "CVE-2022-21733", + "id": "pyup.io-51188", + "more_info_path": "/vulnerabilities/CVE-2022-21733/51188", + "specs": [ + "<1.12.0" + ], + "v": "<1.12.0" + }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", "cve": "CVE-2022-21727", @@ -39426,29 +40177,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23589", - "id": "pyup.io-51229", - "more_info_path": "/vulnerabilities/CVE-2022-23589/51229", - "specs": [ - "<1.12.0" - ], - "v": "<1.12.0" - }, - { - "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23564", - "id": "pyup.io-51205", - "more_info_path": "/vulnerabilities/CVE-2022-23564/51205", - "specs": [ - "<1.12.0" - ], - "v": "<1.12.0" - }, - { - "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-21725", - "id": "pyup.io-51180", - "more_info_path": "/vulnerabilities/CVE-2022-21725/51180", + "cve": "CVE-2022-21738", + "id": "pyup.io-51193", + "more_info_path": "/vulnerabilities/CVE-2022-21738/51193", "specs": [ "<1.12.0" ], 
@@ -39456,9 +40187,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-21741", - "id": "pyup.io-51196", - "more_info_path": "/vulnerabilities/CVE-2022-21741/51196", + "cve": "CVE-2022-23571", + "id": "pyup.io-51212", + "more_info_path": "/vulnerabilities/CVE-2022-23571/51212", "specs": [ "<1.12.0" ], @@ -39466,9 +40197,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23579", - "id": "pyup.io-51220", - "more_info_path": "/vulnerabilities/CVE-2022-23579/51220", + "cve": "CVE-2022-23561", + "id": "pyup.io-51202", + "more_info_path": "/vulnerabilities/CVE-2022-23561/51202", "specs": [ "<1.12.0" ], @@ -39476,9 +40207,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23578", - "id": "pyup.io-51219", - "more_info_path": "/vulnerabilities/CVE-2022-23578/51219", + "cve": "CVE-2022-21736", + "id": "pyup.io-51191", + "more_info_path": "/vulnerabilities/CVE-2022-21736/51191", "specs": [ "<1.12.0" ], @@ -39486,9 +40217,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23576", - "id": "pyup.io-51217", - "more_info_path": "/vulnerabilities/CVE-2022-23576/51217", + "cve": "CVE-2022-23595", + "id": "pyup.io-51231", + "more_info_path": "/vulnerabilities/CVE-2022-23595/51231", "specs": [ "<1.12.0" ], @@ -39496,9 +40227,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23557", - "id": "pyup.io-51198", - "more_info_path": "/vulnerabilities/CVE-2022-23557/51198", + "cve": "CVE-2022-21728", + "id": "pyup.io-51183", + "more_info_path": "/vulnerabilities/CVE-2022-21728/51183", "specs": [ "<1.12.0" ], 
@@ -39506,9 +40237,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23565", - "id": "pyup.io-51206", - "more_info_path": "/vulnerabilities/CVE-2022-23565/51206", + "cve": "CVE-2022-21737", + "id": "pyup.io-51192", + "more_info_path": "/vulnerabilities/CVE-2022-21737/51192", "specs": [ "<1.12.0" ], @@ -39516,9 +40247,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-21732", - "id": "pyup.io-51187", - "more_info_path": "/vulnerabilities/CVE-2022-21732/51187", + "cve": "CVE-2022-23558", + "id": "pyup.io-51199", + "more_info_path": "/vulnerabilities/CVE-2022-23558/51199", "specs": [ "<1.12.0" ], @@ -39526,9 +40257,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23571", - "id": "pyup.io-51212", - "more_info_path": "/vulnerabilities/CVE-2022-23571/51212", + "cve": "CVE-2022-23587", + "id": "pyup.io-51227", + "more_info_path": "/vulnerabilities/CVE-2022-23587/51227", "specs": [ "<1.12.0" ], @@ -39536,9 +40267,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-21738", - "id": "pyup.io-51193", - "more_info_path": "/vulnerabilities/CVE-2022-21738/51193", + "cve": "CVE-2022-23565", + "id": "pyup.io-51206", + "more_info_path": "/vulnerabilities/CVE-2022-23565/51206", "specs": [ "<1.12.0" ], 
@@ -39556,19 +40287,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-21736", - "id": "pyup.io-51191", - "more_info_path": "/vulnerabilities/CVE-2022-21736/51191", - "specs": [ - "<1.12.0" - ], - "v": "<1.12.0" - }, - { - "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23583", - "id": "pyup.io-51223", - "more_info_path": "/vulnerabilities/CVE-2022-23583/51223", + "cve": "CVE-2022-23568", + "id": "pyup.io-51209", + "more_info_path": "/vulnerabilities/CVE-2022-23568/51209", "specs": [ "<1.12.0" ], @@ -39576,9 +40297,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23568", - "id": "pyup.io-51209", - "more_info_path": "/vulnerabilities/CVE-2022-23568/51209", + "cve": "CVE-2022-23573", + "id": "pyup.io-51214", + "more_info_path": "/vulnerabilities/CVE-2022-23573/51214", "specs": [ "<1.12.0" ], @@ -39606,9 +40327,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23573", - "id": "pyup.io-51214", - "more_info_path": "/vulnerabilities/CVE-2022-23573/51214", + "cve": "CVE-2022-21740", + "id": "pyup.io-51195", + "more_info_path": "/vulnerabilities/CVE-2022-21740/51195", "specs": [ "<1.12.0" ], @@ -39636,9 +40357,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-21740", - "id": "pyup.io-51195", - "more_info_path": "/vulnerabilities/CVE-2022-21740/51195", + "cve": "CVE-2022-21730", + "id": "pyup.io-51185", + "more_info_path": "/vulnerabilities/CVE-2022-21730/51185", "specs": [ "<1.12.0" ], 
@@ -39664,26 +40385,6 @@ ], "v": "<1.12.0" }, - { - "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-21730", - "id": "pyup.io-51185", - "more_info_path": "/vulnerabilities/CVE-2022-21730/51185", - "specs": [ - "<1.12.0" - ], - "v": "<1.12.0" - }, - { - "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23561", - "id": "pyup.io-51202", - "more_info_path": "/vulnerabilities/CVE-2022-23561/51202", - "specs": [ - "<1.12.0" - ], - "v": "<1.12.0" - }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", "cve": "CVE-2022-23570", 
@@ -39694,46 +40395,6 @@ ], "v": "<1.12.0" }, - { - "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23595", - "id": "pyup.io-51231", - "more_info_path": "/vulnerabilities/CVE-2022-23595/51231", - "specs": [ - "<1.12.0" - ], - "v": "<1.12.0" - }, - { - "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23572", - "id": "pyup.io-51213", - "more_info_path": "/vulnerabilities/CVE-2022-23572/51213", - "specs": [ - "<1.12.0" - ], - "v": "<1.12.0" - }, - { - "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-21728", - "id": "pyup.io-51183", - "more_info_path": "/vulnerabilities/CVE-2022-21728/51183", - "specs": [ - "<1.12.0" - ], - "v": "<1.12.0" - }, - { - "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-22576", - "id": "pyup.io-51197", - "more_info_path": "/vulnerabilities/CVE-2022-22576/51197", - "specs": [ - "<1.12.0" - ], - "v": "<1.12.0" - }, { "advisory": "Gordo 1.12.0 updates its dependency \"numpy\" to v1.21.0 to include a security fix.", "cve": "CVE-2021-33430", 
@@ -39744,26 +40405,6 @@ ], "v": "<1.12.0" }, - { - "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23574", - "id": "pyup.io-51215", - "more_info_path": "/vulnerabilities/CVE-2022-23574/51215", - "specs": [ - "<1.12.0" - ], - "v": "<1.12.0" - }, - { - "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-21737", - "id": "pyup.io-51192", - "more_info_path": "/vulnerabilities/CVE-2022-21737/51192", - "specs": [ - "<1.12.0" - ], - "v": "<1.12.0" - }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", "cve": "CVE-2022-23585", @@ -39776,9 +40417,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23558", - "id": "pyup.io-51199", - "more_info_path": "/vulnerabilities/CVE-2022-23558/51199", + "cve": "CVE-2018-25032", + "id": "pyup.io-51177", + "more_info_path": "/vulnerabilities/CVE-2018-25032/51177", "specs": [ "<1.12.0" ], @@ -39786,9 +40427,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23569", - "id": "pyup.io-51210", - "more_info_path": "/vulnerabilities/CVE-2022-23569/51210", + "cve": "CVE-2022-21726", + "id": "pyup.io-51181", + "more_info_path": "/vulnerabilities/CVE-2022-21726/51181", "specs": [ "<1.12.0" ], @@ -39796,9 +40437,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-23587", - "id": "pyup.io-51227", - "more_info_path": "/vulnerabilities/CVE-2022-23587/51227", + "cve": "CVE-2022-23583", + "id": "pyup.io-51223", + "more_info_path": "/vulnerabilities/CVE-2022-23583/51223", "specs": [ "<1.12.0" ], 
@@ -39806,9 +40447,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2018-25032", - "id": "pyup.io-51177", - "more_info_path": "/vulnerabilities/CVE-2018-25032/51177", + "cve": "CVE-2022-23572", + "id": "pyup.io-51213", + "more_info_path": "/vulnerabilities/CVE-2022-23572/51213", "specs": [ "<1.12.0" ], @@ -39816,9 +40457,9 @@ }, { "advisory": "Gordo 1.12.0 updates its dependency \"TensorFlow\" requirement to \"~=2.7.0\" to include security fixes.", - "cve": "CVE-2022-21726", - "id": "pyup.io-51181", - "more_info_path": "/vulnerabilities/CVE-2022-21726/51181", + "cve": "CVE-2022-22576", + "id": "pyup.io-51197", + "more_info_path": "/vulnerabilities/CVE-2022-22576/51197", "specs": [ "<1.12.0" ], @@ -39833,6 +40474,36 @@ "<5.1.2" ], "v": "<5.1.2" + }, + { + "advisory": "Gordo 5.1.3 fixes vulnerabilities in its Docker image.\r\nhttps://github.com/equinor/gordo/pull/1328/files", + "cve": "PVE-2023-59299", + "id": "pyup.io-59299", + "more_info_path": "/vulnerabilities/PVE-2023-59299/59299", + "specs": [ + "<5.1.3" + ], + "v": "<5.1.3" + }, + { + "advisory": "Gordo 5.1.4 updates its dependency 'mlflow' to version '2.5.0' to fix a Directory Traversal vulnerability.\r\nhttps://github.com/equinor/gordo/pull/1329", + "cve": "CVE-2023-3765", + "id": "pyup.io-59679", + "more_info_path": "/vulnerabilities/CVE-2023-3765/59679", + "specs": [ + "<5.1.4" + ], + "v": "<5.1.4" + }, + { + "advisory": "Gordo 5.1.4 updates its dependency 'cryptography' to version '41.0.2' to fix an Improper Certificate Validation vulnerability.\r\nhttps://github.com/equinor/gordo/pull/1329", + "cve": "CVE-2023-38325", + "id": "pyup.io-59599", + "more_info_path": "/vulnerabilities/CVE-2023-38325/59599", + "specs": [ + "<5.1.4" + ], + "v": "<5.1.4" } ], "gordo-client": [ 
@@ -39959,7 +40630,7 @@ "v": "<3.19.1" }, { - "advisory": "Gradio is an open-source Python library that is used to build machine learning and data science. Due to a lack of path filtering Gradio does not properly restrict file access to users. Additionally Gradio does not properly restrict the what URLs are proxied. These issues have been addressed in version 3.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", + "advisory": "Gradio 3.34.0 includes a fix for a path traversal vulnerability.\r\nhttps://github.com/gradio-app/gradio/pull/4370\r\nhttps://github.com/gradio-app/gradio/security/advisories/GHSA-3qqg-pgqq-3695", "cve": "CVE-2023-34239", "id": "pyup.io-58902", "more_info_path": "/vulnerabilities/CVE-2023-34239/58902", @@ -40145,20 +40816,20 @@ ], "graphscope": [ { - "advisory": "Graphscope 0.7.0 updates its dependency 'Apache Commons IO' to v2.7 to include a security fix.", - "cve": "CVE-2021-29425", - "id": "pyup.io-42560", - "more_info_path": "/vulnerabilities/CVE-2021-29425/42560", + "advisory": "Graphscope 0.7.0 updates its dependency 'SLF4J' to v1.7.31 to include a security fix.", + "cve": "CVE-2018-8088", + "id": "pyup.io-42561", + "more_info_path": "/vulnerabilities/CVE-2018-8088/42561", "specs": [ "<0.7.0" ], "v": "<0.7.0" }, { - "advisory": "Graphscope 0.7.0 updates its dependency 'SLF4J' to v1.7.31 to include a security fix.", - "cve": "CVE-2018-8088", - "id": "pyup.io-42561", - "more_info_path": "/vulnerabilities/CVE-2018-8088/42561", + "advisory": "Graphscope 0.7.0 updates its dependency 'Apache Commons IO' to v2.7 to include a security fix.", + "cve": "CVE-2021-29425", + "id": "pyup.io-42560", + "more_info_path": "/vulnerabilities/CVE-2021-29425/42560", "specs": [ "<0.7.0" ], 
@@ -40237,6 +40908,36 @@ "<1.3.0" ], "v": "<1.3.0" + }, + { + "advisory": "Grpcio 1.53.0 includes a fix for a Connection Termination vulnerability. The prior versions contain a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies.\r\nhttps://github.com/advisories/GHSA-9hxf-ppjv-w6rq", + "cve": "CVE-2023-32732", + "id": "pyup.io-59868", + "more_info_path": "/vulnerabilities/CVE-2023-32732/59868", + "specs": [ + "<1.53.0" + ], + "v": "<1.53.0" + }, + { + "advisory": "Grpcio 1.53.0 includes a fix for a Connection Confusion vulnerability. When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration.\r\nhttps://github.com/advisories/GHSA-cfgp-2977-2fmm", + "cve": "CVE-2023-32731", + "id": "pyup.io-59869", + "more_info_path": "/vulnerabilities/CVE-2023-32731/59869", + "specs": [ + "<1.53.0" + ], + "v": "<1.53.0" + }, + { + "advisory": "Grpcio 1.53.0 includes a fix for a Reachable Assertion vulnerability. \r\nhttps://github.com/advisories/GHSA-6628-q6j9-w8vg", + "cve": "CVE-2023-1428", + "id": "pyup.io-59867", + "more_info_path": "/vulnerabilities/CVE-2023-1428/59867", + "specs": [ + "<1.53.0" + ], + "v": "<1.53.0" } ], "grpcio-tools": [ 
@@ -40359,7 +41060,7 @@ "v": "<0.1.5" }, { - "advisory": "GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the tarfile.TarFile.extractall function. This issue is patched in version 0.1.5.", + "advisory": "GuardDog versions before 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the tarfile.TarFile.extractall function.", "cve": "CVE-2022-23531", "id": "pyup.io-54607", "more_info_path": "/vulnerabilities/CVE-2022-23531/54607", @@ -40483,9 +41184,9 @@ "h2o": [ { "advisory": "H2o 3.34.0.7 updates its dependency 'log4j' to v2.17.0 to fix critical and severe vulnerabilities.\r\nhttps://github.com/h2oai/h2o-3/commit/85dc8a3fdbfef002919d15764b1ad99b3c39f851", - "cve": "CVE-2021-44228", - "id": "pyup.io-43397", - "more_info_path": "/vulnerabilities/CVE-2021-44228/43397", + "cve": "CVE-2021-45105", + "id": "pyup.io-43439", + "more_info_path": "/vulnerabilities/CVE-2021-45105/43439", "specs": [ "<3.34.0.7" ], 
@@ -40493,9 +41194,9 @@ }, { "advisory": "H2o 3.34.0.7 updates its dependency 'log4j' to v2.17.0 to fix critical and severe vulnerabilities.\r\nhttps://github.com/h2oai/h2o-3/commit/85dc8a3fdbfef002919d15764b1ad99b3c39f851", - "cve": "CVE-2021-45105", - "id": "pyup.io-43439", - "more_info_path": "/vulnerabilities/CVE-2021-45105/43439", + "cve": "CVE-2021-45046", + "id": "pyup.io-43398", + "more_info_path": "/vulnerabilities/CVE-2021-45046/43398", "specs": [ "<3.34.0.7" ], @@ -40503,9 +41204,9 @@ }, { "advisory": "H2o 3.34.0.7 updates its dependency 'log4j' to v2.17.0 to fix critical and severe vulnerabilities.\r\nhttps://github.com/h2oai/h2o-3/commit/85dc8a3fdbfef002919d15764b1ad99b3c39f851", - "cve": "CVE-2021-45046", - "id": "pyup.io-43398", - "more_info_path": "/vulnerabilities/CVE-2021-45046/43398", + "cve": "CVE-2021-44228", + "id": "pyup.io-43397", + "more_info_path": "/vulnerabilities/CVE-2021-44228/43397", "specs": [ "<3.34.0.7" ], 
@@ -40520,6 +41221,166 @@ "<3.36.0.1" ], "v": "<3.36.0.1" + }, + { + "advisory": "H2o 3.36.1.3 updates its dependency 'gson' to '2.9.0' to fix CVE-2022-25647.\r\nhttps://github.com/h2oai/h2o-3/pull/6220", + "cve": "CVE-2022-25647", + "id": "pyup.io-59343", + "more_info_path": "/vulnerabilities/CVE-2022-25647/59343", + "specs": [ + "<3.36.1.3" + ], + "v": "<3.36.1.3" + }, + { + "advisory": "H2o 3.36.1.4 updates its dependency 'jetty' to '9.4.48.v20220622' to fix CVE-2019-10172.\r\nhttps://github.com/h2oai/h2o-3/pull/6263", + "cve": "CVE-2019-10172", + "id": "pyup.io-59342", + "more_info_path": "/vulnerabilities/CVE-2019-10172/59342", + "specs": [ + "<3.36.1.4" + ], + "v": "<3.36.1.4" + }, + { + "advisory": "H2o 3.36.1.4 updates its dependency AWS Java SDK to '1.12.127' to fix CVE-2021-22573.\r\nhttps://github.com/h2oai/h2o-3/pull/6263", + "cve": "CVE-2021-22573", + "id": "pyup.io-59340", + "more_info_path": "/vulnerabilities/CVE-2021-22573/59340", + "specs": [ + "<3.36.1.4" + ], + "v": "<3.36.1.4" + }, + { + "advisory": "H2o 3.38.0.2 updates its dependency 'jackson-databind' to '2.13.4.2' to fix CVE-2022-42003.\r\nhttps://github.com/h2oai/h2o-3/pull/6389", + "cve": "CVE-2022-42003", + "id": "pyup.io-59338", + "more_info_path": "/vulnerabilities/CVE-2022-42003/59338", + "specs": [ + "<3.38.0.2" + ], + "v": "<3.38.0.2" + }, + { + "advisory": "H2o 3.38.0.2 updates its dependency 'commons-text' to '1.10.0' to fix CVE-2022-42889.\r\nhttps://github.com/h2oai/h2o-3/pull/6389", + "cve": "CVE-2022-42889", + "id": "pyup.io-59339", + "more_info_path": "/vulnerabilities/CVE-2022-42889/59339", + "specs": [ + "<3.38.0.2" + ], + "v": "<3.38.0.2" + }, + { + "advisory": "H2o 3.38.0.4 updates its dependency 'google-cloud-storage' to '2.13.1' to fix CVE-2022-3509.\r\nhttps://github.com/h2oai/h2o-3/pull/6459", + "cve": "CVE-2022-3509", + "id": "pyup.io-59337", + "more_info_path": "/vulnerabilities/CVE-2022-3509/59337", + "specs": [ + "<3.38.0.4" + ], + "v": "<3.38.0.4" + }, + { + 
"advisory": "H2o 3.40.0.3 removes its dependency 'jets3t' to fix CVE-2014-125087.\r\nhttps://github.com/h2oai/h2o-3/pull/6659", + "cve": "CVE-2014-125087", + "id": "pyup.io-59336", + "more_info_path": "/vulnerabilities/CVE-2014-125087/59336", + "specs": [ + "<3.40.0.3" + ], + "v": "<3.40.0.3" + }, + { + "advisory": "H2o 3.40.0.4 updates its dependency 'json-smart' to '2.4.10' to fix CVE-2023-1370.\r\n https://github.com/h2oai/h2o-3/pull/6680", + "cve": "CVE-2023-1370", + "id": "pyup.io-59335", + "more_info_path": "/vulnerabilities/CVE-2023-1370/59335", + "specs": [ + "<3.40.0.4" + ], + "v": "<3.40.0.4" + }, + { + "advisory": "H2o 3.42.0.1 updates its dependency 'jetty' to '9.4.51.v20230217' to fix CVE-2023-26048.\r\nhttps://github.com/h2oai/h2o-3/pull/15547", + "cve": "CVE-2023-26048", + "id": "pyup.io-59329", + "more_info_path": "/vulnerabilities/CVE-2023-26048/59329", + "specs": [ + "<3.42.0.1" + ], + "v": "<3.42.0.1" + }, + { + "advisory": "H2o 3.42.0.1 updates its dependency 'guava' to '32.0.1-jre' to fix CVE-2023-2976.\r\nhttps://github.com/h2oai/h2o-3/pull/15593", + "cve": "CVE-2023-2976", + "id": "pyup.io-59320", + "more_info_path": "/vulnerabilities/CVE-2023-2976/59320", + "specs": [ + "<3.42.0.1" + ], + "v": "<3.42.0.1" + }, + { + "advisory": "H2o 3.42.0.1 updates its dependency 'kotlin-stdlib' to '1.4.32' to fix CVE-2020-29582.\r\nhttps://github.com/h2oai/h2o-3/pull/15549", + "cve": "CVE-2020-29582", + "id": "pyup.io-59328", + "more_info_path": "/vulnerabilities/CVE-2020-29582/59328", + "specs": [ + "<3.42.0.1" + ], + "v": "<3.42.0.1" + }, + { + "advisory": "H2o 3.42.0.1 updates its dependency 'jettison' to '1.5.4' to fix CVE-2022-45693.\r\nhttps://github.com/h2oai/h2o-3/pull/6826", + "cve": "CVE-2022-45693", + "id": "pyup.io-59332", + "more_info_path": "/vulnerabilities/CVE-2022-45693/59332", + "specs": [ + "<3.42.0.1" + ], + "v": "<3.42.0.1" + }, + { + "advisory": "H2o 3.42.0.1 updates its dependency 'jetty' to '9.4.51.v20230217' to fix 
CVE-2023-26049.\r\nhttps://github.com/h2oai/h2o-3/pull/15547", + "cve": "CVE-2023-26049", + "id": "pyup.io-59330", + "more_info_path": "/vulnerabilities/CVE-2023-26049/59330", + "specs": [ + "<3.42.0.1" + ], + "v": "<3.42.0.1" + }, + { + "advisory": "H2o 3.42.0.1 updates its dependency 'jettison' to '1.5.4' to fix CVE-2023-1436.\r\nhttps://github.com/h2oai/h2o-3/pull/6826", + "cve": "CVE-2023-1436", + "id": "pyup.io-59331", + "more_info_path": "/vulnerabilities/CVE-2023-1436/59331", + "specs": [ + "<3.42.0.1" + ], + "v": "<3.42.0.1" + }, + { + "advisory": "H2o 3.42.0.1 updates its dependency 'jettison' to '1.5.4' to fix CVE-2022-45685.\r\nhttps://github.com/h2oai/h2o-3/pull/6826", + "cve": "CVE-2022-45685", + "id": "pyup.io-59333", + "more_info_path": "/vulnerabilities/CVE-2022-45685/59333", + "specs": [ + "<3.42.0.1" + ], + "v": "<3.42.0.1" + }, + { + "advisory": "H2o 3.42.0.1 updates its dependency 'jettison' to '1.5.4' to fix CVE-2022-40150.\r\nhttps://github.com/h2oai/h2o-3/pull/6826", + "cve": "CVE-2022-40150", + "id": "pyup.io-59334", + "more_info_path": "/vulnerabilities/CVE-2022-40150/59334", + "specs": [ + "<3.42.0.1" + ], + "v": "<3.42.0.1" } ], "hail": [ 
@@ -40991,6 +41852,16 @@ ], "v": "<0.37" }, + { + "advisory": "Homeassistant 0.83.1 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/home-assistant/core/pull/18796", + "cve": "PVE-2023-59816", + "id": "pyup.io-59816", + "more_info_path": "/vulnerabilities/PVE-2023-59816/59816", + "specs": [ + "<0.83.1" + ], + "v": "<0.83.1" + }, { "advisory": "Homeassistant 2023.3.0 includes a fix for CVE-2023-27482: A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet.\r\nhttps://github.com/home-assistant/core/security/advisories/GHSA-2j8f-h4mr-qr25", "cve": "CVE-2023-27482", 
@@ -41046,20 +41917,20 @@ ], "honeybee-radiance": [ { - "advisory": "Honeybee-radiance 1.64.132 updates its dev dependency 'wheel' to v0.38.1 to include a security fix.", - "cve": "CVE-2022-40898", - "id": "pyup.io-52981", - "more_info_path": "/vulnerabilities/CVE-2022-40898/52981", + "advisory": "Honeybee-radiance 1.64.132 updates its dev dependency 'setuptools' to v65.5.1 to include a security fix.", + "cve": "CVE-2022-40897", + "id": "pyup.io-52982", + "more_info_path": "/vulnerabilities/CVE-2022-40897/52982", "specs": [ "<1.64.132" ], "v": "<1.64.132" }, { - "advisory": "Honeybee-radiance 1.64.132 updates its dev dependency 'setuptools' to v65.5.1 to include a security fix.", - "cve": "CVE-2022-40897", - "id": "pyup.io-52982", - "more_info_path": "/vulnerabilities/CVE-2022-40897/52982", + "advisory": "Honeybee-radiance 1.64.132 updates its dev dependency 'wheel' to v0.38.1 to include a security fix.", + "cve": "CVE-2022-40898", + "id": "pyup.io-52981", + "more_info_path": "/vulnerabilities/CVE-2022-40898/52981", "specs": [ "<1.64.132" ], 
@@ -41068,20 +41939,20 @@ ], "honeybee-radiance-postprocess": [ { - "advisory": "Honeybee-radiance-postprocess 0.4.166 updates its dependency 'wheel' to v0.38.1 to include a security fix.", - "cve": "CVE-2022-40898", - "id": "pyup.io-53615", - "more_info_path": "/vulnerabilities/CVE-2022-40898/53615", + "advisory": "Honeybee-radiance-postprocess 0.4.166 updates its dependency 'setuptools' to v65.5.1 to include a security fix.", + "cve": "CVE-2022-40897", + "id": "pyup.io-53623", + "more_info_path": "/vulnerabilities/CVE-2022-40897/53623", "specs": [ "<0.4.166" ], "v": "<0.4.166" }, { - "advisory": "Honeybee-radiance-postprocess 0.4.166 updates its dependency 'setuptools' to v65.5.1 to include a security fix.", - "cve": "CVE-2022-40897", - "id": "pyup.io-53623", - "more_info_path": "/vulnerabilities/CVE-2022-40897/53623", + "advisory": "Honeybee-radiance-postprocess 0.4.166 updates its dependency 'wheel' to v0.38.1 to include a security fix.", + "cve": "CVE-2022-40898", + "id": "pyup.io-53615", + "more_info_path": "/vulnerabilities/CVE-2022-40898/53615", "specs": [ "<0.4.166" ], @@ -41581,16 +42452,6 @@ ], "v": "<3.2.4" }, - { - "advisory": "Hotaru 3.4.0 updates its dependency 'Tensorflow' minimum requirement to v2.6.1 to include security fixes.", - "cve": "CVE-2021-41228", - "id": "pyup.io-46016", - "more_info_path": "/vulnerabilities/CVE-2021-41228/46016", - "specs": [ - "<3.4.0" - ], - "v": "<3.4.0" - }, { "advisory": "Hotaru 3.4.0 updates its dependency 'Tensorflow' minimum requirement to v2.6.1 to include security fixes.", "cve": "CVE-2020-26267", 
@@ -41861,6 +42722,16 @@ ], "v": "<3.4.0" }, + { + "advisory": "Hotaru 3.4.0 updates its dependency 'Tensorflow' minimum requirement to v2.6.1 to include security fixes.", + "cve": "CVE-2021-22923", + "id": "pyup.io-45871", + "more_info_path": "/vulnerabilities/CVE-2021-22923/45871", + "specs": [ + "<3.4.0" + ], + "v": "<3.4.0" + }, { "advisory": "Hotaru 3.4.0 updates its dependency 'Tensorflow' minimum requirement to v2.6.1 to include security fixes.", "cve": "CVE-2021-29562", @@ -41891,16 +42762,6 @@ ], "v": "<3.4.0" }, - { - "advisory": "Hotaru 3.4.0 updates its dependency 'Tensorflow' minimum requirement to v2.6.1 to include security fixes.", - "cve": "CVE-2021-22923", - "id": "pyup.io-45871", - "more_info_path": "/vulnerabilities/CVE-2021-22923/45871", - "specs": [ - "<3.4.0" - ], - "v": "<3.4.0" - }, { "advisory": "Hotaru 3.4.0 updates its dependency 'Tensorflow' minimum requirement to v2.6.1 to include security fixes.", "cve": "CVE-2021-29581", @@ -43221,6 +44082,16 @@ ], "v": "<3.4.0" }, + { + "advisory": "Hotaru 3.4.0 updates its dependency 'Tensorflow' minimum requirement to v2.6.1 to include security fixes.", + "cve": "CVE-2021-41228", + "id": "pyup.io-46016", + "more_info_path": "/vulnerabilities/CVE-2021-41228/46016", + "specs": [ + "<3.4.0" + ], + "v": "<3.4.0" + }, { "advisory": "Hotaru 3.4.1 updates its dependency 'TensorFlow' minimum requirement to v2.8.0 to include security fixes.", "cve": "CVE-2022-21738", @@ -43273,9 +44144,9 @@ }, { "advisory": "Hotaru 3.4.1 updates its dependency 'TensorFlow' minimum requirement to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23563", - "id": "pyup.io-46041", - "more_info_path": "/vulnerabilities/CVE-2022-23563/46041", + "cve": "CVE-2022-23577", + "id": "pyup.io-46055", + "more_info_path": "/vulnerabilities/CVE-2022-23577/46055", "specs": [ "<3.4.1" ], 
@@ -43283,9 +44154,9 @@ }, { "advisory": "Hotaru 3.4.1 updates its dependency 'TensorFlow' minimum requirement to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23577", - "id": "pyup.io-46055", - "more_info_path": "/vulnerabilities/CVE-2022-23577/46055", + "cve": "CVE-2022-23586", + "id": "pyup.io-46064", + "more_info_path": "/vulnerabilities/CVE-2022-23586/46064", "specs": [ "<3.4.1" ], @@ -43293,9 +44164,9 @@ }, { "advisory": "Hotaru 3.4.1 updates its dependency 'TensorFlow' minimum requirement to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23586", - "id": "pyup.io-46064", - "more_info_path": "/vulnerabilities/CVE-2022-23586/46064", + "cve": "CVE-2022-23563", + "id": "pyup.io-46041", + "more_info_path": "/vulnerabilities/CVE-2022-23563/46041", "specs": [ "<3.4.1" ], @@ -43401,16 +44272,6 @@ ], "v": "<3.4.1" }, - { - "advisory": "Hotaru 3.4.1 updates its dependency 'TensorFlow' minimum requirement to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23583", - "id": "pyup.io-46061", - "more_info_path": "/vulnerabilities/CVE-2022-23583/46061", - "specs": [ - "<3.4.1" - ], - "v": "<3.4.1" - }, { "advisory": "Hotaru 3.4.1 updates its dependency 'TensorFlow' minimum requirement to v2.8.0 to include security fixes.", "cve": "CVE-2022-21736", @@ -43531,16 +44392,6 @@ ], "v": "<3.4.1" }, - { - "advisory": "Hotaru 3.4.1 updates its dependency 'TensorFlow' minimum requirement to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23572", - "id": "pyup.io-46050", - "more_info_path": "/vulnerabilities/CVE-2022-23572/46050", - "specs": [ - "<3.4.1" - ], - "v": "<3.4.1" - }, { "advisory": "Hotaru 3.4.1 updates its dependency 'TensorFlow' minimum requirement to v2.8.0 to include security fixes.", "cve": "CVE-2022-23576", 
@@ -43571,16 +44422,6 @@ ], "v": "<3.4.1" }, - { - "advisory": "Hotaru 3.4.1 updates its dependency 'TensorFlow' minimum requirement to v2.8.0 to include security fixes.", - "cve": "CVE-2022-23580", - "id": "pyup.io-46058", - "more_info_path": "/vulnerabilities/CVE-2022-23580/46058", - "specs": [ - "<3.4.1" - ], - "v": "<3.4.1" - }, { "advisory": "Hotaru 3.4.1 updates its dependency 'TensorFlow' minimum requirement to v2.8.0 to include security fixes.", "cve": "CVE-2022-23581", @@ -43750,6 +44591,36 @@ "<3.4.1" ], "v": "<3.4.1" + }, + { + "advisory": "Hotaru 3.4.1 updates its dependency 'TensorFlow' minimum requirement to v2.8.0 to include security fixes.", + "cve": "CVE-2022-23580", + "id": "pyup.io-46058", + "more_info_path": "/vulnerabilities/CVE-2022-23580/46058", + "specs": [ + "<3.4.1" + ], + "v": "<3.4.1" + }, + { + "advisory": "Hotaru 3.4.1 updates its dependency 'TensorFlow' minimum requirement to v2.8.0 to include security fixes.", + "cve": "CVE-2022-23583", + "id": "pyup.io-46061", + "more_info_path": "/vulnerabilities/CVE-2022-23583/46061", + "specs": [ + "<3.4.1" + ], + "v": "<3.4.1" + }, + { + "advisory": "Hotaru 3.4.1 updates its dependency 'TensorFlow' minimum requirement to v2.8.0 to include security fixes.", + "cve": "CVE-2022-23572", + "id": "pyup.io-46050", + "more_info_path": "/vulnerabilities/CVE-2022-23572/46050", + "specs": [ + "<3.4.1" + ], + "v": "<3.4.1" } ], "hover": [ 
@@ -43989,19 +44860,9 @@ }, { "advisory": "Httprunner 3.1.7 updates its dependency 'pyyaml' to v5.4.1 to include security fixes.", - "cve": "CVE-2019-20477", - "id": "pyup.io-47847", - "more_info_path": "/vulnerabilities/CVE-2019-20477/47847", - "specs": [ - "<3.1.7" - ], - "v": "<3.1.7" - }, - { - "advisory": "Httprunner 3.1.7 updates its dependency 'uvicorn' to v0.11.7 to include security fixes.", - "cve": "CVE-2020-7694", - "id": "pyup.io-47850", - "more_info_path": "/vulnerabilities/CVE-2020-7694/47850", + "cve": "CVE-2020-14343", + "id": "pyup.io-47848", + "more_info_path": "/vulnerabilities/CVE-2020-14343/47848", "specs": [ "<3.1.7" ], @@ -44029,9 +44890,19 @@ }, { "advisory": "Httprunner 3.1.7 updates its dependency 'pyyaml' to v5.4.1 to include security fixes.", - "cve": "CVE-2020-14343", - "id": "pyup.io-47848", - "more_info_path": "/vulnerabilities/CVE-2020-14343/47848", + "cve": "CVE-2019-20477", + "id": "pyup.io-47847", + "more_info_path": "/vulnerabilities/CVE-2019-20477/47847", + "specs": [ + "<3.1.7" + ], + "v": "<3.1.7" + }, + { + "advisory": "Httprunner 3.1.7 updates its dependency 'uvicorn' to v0.11.7 to include security fixes.", + "cve": "CVE-2020-7694", + "id": "pyup.io-47850", + "more_info_path": "/vulnerabilities/CVE-2020-7694/47850", "specs": [ "<3.1.7" ], @@ -44326,6 +45197,16 @@ "<3.69.8" ], "v": "<3.69.8" + }, + { + "advisory": "Hypothesis 6.0.4 includes a fix for a Race Condition vulnerability.\r\nhttps://github.com/HypothesisWorks/hypothesis/pull/2783", + "cve": "PVE-2023-59726", + "id": "pyup.io-59726", + "more_info_path": "/vulnerabilities/PVE-2023-59726/59726", + "specs": [ + "<6.0.4" + ], + "v": "<6.0.4" } ], "hyppo": [ 
@@ -44722,16 +45603,6 @@ ], "v": "<2.1.3" }, - { - "advisory": "Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include security fixes.", - "cve": "CVE-2020-5310", - "id": "pyup.io-38163", - "more_info_path": "/vulnerabilities/CVE-2020-5310/38163", - "specs": [ - "<2.2.8" - ], - "v": "<2.2.8" - }, { "advisory": "Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include security fixes.", "cve": "CVE-2020-5312", @@ -44744,9 +45615,9 @@ }, { "advisory": "Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include security fixes.", - "cve": "CVE-2019-19911", - "id": "pyup.io-43465", - "more_info_path": "/vulnerabilities/CVE-2019-19911/43465", + "cve": "CVE-2020-5310", + "id": "pyup.io-38163", + "more_info_path": "/vulnerabilities/CVE-2020-5310/38163", "specs": [ "<2.2.8" ], @@ -44772,6 +45643,16 @@ ], "v": "<2.2.8" }, + { + "advisory": "Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include security fixes.", + "cve": "CVE-2019-19911", + "id": "pyup.io-43465", + "more_info_path": "/vulnerabilities/CVE-2019-19911/43465", + "specs": [ + "<2.2.8" + ], + "v": "<2.2.8" + }, { "advisory": "Indico 2.2.8 updates its dependency 'pillow' to v6.2.2 to include security fixes.", "cve": "CVE-2020-5313", 
@@ -44853,20 +45734,20 @@ "v": "<3.0rc1" }, { - "advisory": "Indico 3.2.3 sanitizes HTML in global announcement messages to avoid XSS attacks.", - "cve": "PVE-2023-53437", - "id": "pyup.io-53437", - "more_info_path": "/vulnerabilities/PVE-2023-53437/53437", + "advisory": "Indico 3.2.3 updates its dependency 'cryptography ' to include a security fix.", + "cve": "CVE-2023-0286", + "id": "pyup.io-53450", + "more_info_path": "/vulnerabilities/CVE-2023-0286/53450", "specs": [ "<3.2.3" ], "v": "<3.2.3" }, { - "advisory": "Indico 3.2.3 updates its dependency 'cryptography ' to include a security fix.", - "cve": "CVE-2023-0286", - "id": "pyup.io-53450", - "more_info_path": "/vulnerabilities/CVE-2023-0286/53450", + "advisory": "Indico 3.2.3 sanitizes HTML in global announcement messages to avoid XSS attacks.", + "cve": "PVE-2023-53437", + "id": "pyup.io-53437", + "more_info_path": "/vulnerabilities/PVE-2023-53437/53437", "specs": [ "<3.2.3" ], @@ -44892,6 +45773,16 @@ ], "v": "<3.2.5" }, + { + "advisory": "Indico 3.2.6 includes a fix for an XSS vulnerability. Exploitation requires someone with at least submission privileges (such as a speaker) and then rely on someone else to attempt to delete this content. However, considering that event organizers may indeed delete suspicious-looking content when encountering it, there is a non-negligible risk of such an attack to succeed.\r\nhttps://github.com/indico/indico/pull/5862\r\nhttps://github.com/indico/indico/security/advisories/GHSA-fmqq-25x9-c6hm", + "cve": "PVE-2023-59751", + "id": "pyup.io-59751", + "more_info_path": "/vulnerabilities/PVE-2023-59751/59751", + "specs": [ + "<3.2.6" + ], + "v": "<3.2.6" + }, { "advisory": "Indico 2.0.3 no longer shows contribution information (metadata including title, speakers and a partial description) in the contribution list unless the user has access to a contribution.", "cve": "PVE-2021-37568", 
@@ -45515,20 +46406,6 @@ ], "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, - { - "advisory": "Intel-tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15211: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative \"-1\" value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the \"-1\" index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue was patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83). A potential workaround would be to add a custom \"Verifier\" to the model loading code to ensure that only operators which accept optional inputs use the \"-1\" special value and only for the tensors that they expect to be optional. 
Since this allow-list type approach is error-prone, it's advised upgrading to the patched code.", - "cve": "CVE-2020-15211", - "id": "pyup.io-57036", - "more_info_path": "/vulnerabilities/CVE-2020-15211/57036", - "specs": [ - "<1.15.4", - ">=2.0.0a0,<2.0.3", - ">=2.1.0a0,<2.1.2", - ">=2.2.0a0,<2.2.1", - ">=2.3.0a0,<2.3.1" - ], - "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" - }, { "advisory": "Intel-tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15208: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a \"DCHECK\" which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue was patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d", "cve": "CVE-2020-15208", 
@@ -45543,20 +46420,6 @@ ], "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, - { - "advisory": "Intel-tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15190: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the \"tf.raw_ops.Switch\" operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is \"nullptr\", hence we are binding a reference to \"nullptr\". This is undefined behavior and reported as an error if compiling with \"-fsanitize=null\". In this case, this results in a segmentation fault The issue was patched in commit da8558533d925694483d2c136a9220d6d49d843c\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4g9f-63rx-5cw4", - "cve": "CVE-2020-15190", - "id": "pyup.io-57038", - "more_info_path": "/vulnerabilities/CVE-2020-15190/57038", - "specs": [ - "<1.15.4", - ">=2.0.0a0,<2.0.3", - ">=2.1.0a0,<2.1.2", - ">=2.2.0a0,<2.2.1", - ">=2.3.0a0,<2.3.1" - ], - "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" - }, { "advisory": "Intel-tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15202: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the 'Shard' API in TensorFlow expects the last argument to be a function taking two 'int64' (i.e., 'long long') arguments. However, there are several places in TensorFlow where a lambda taking 'int' or 'int32' arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. 
Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6fg-mjxg-hqq4", "cve": "CVE-2020-15202", 
@@ -45614,10 +46477,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Intel-tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15207: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses 'ResolveAxis' to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the 'DCHECK' does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q4qf-3fc6-8x34", - "cve": "CVE-2020-15207", - "id": "pyup.io-57043", - "more_info_path": "/vulnerabilities/CVE-2020-15207/57043", + "advisory": "Intel-tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15211: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative \"-1\" value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the \"-1\" index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. 
Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue was patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83). A potential workaround would be to add a custom \"Verifier\" to the model loading code to ensure that only operators which accept optional inputs use the \"-1\" special value and only for the tensors that they expect to be optional. Since this allow-list type approach is error-prone, it's advised upgrading to the patched code.", + "cve": "CVE-2020-15211", + "id": "pyup.io-57036", + "more_info_path": "/vulnerabilities/CVE-2020-15211/57036", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -45628,17 +46491,32 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Intel-tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13631.", - "cve": "CVE-2020-13631", - "id": "pyup.io-57029", - "more_info_path": "/vulnerabilities/CVE-2020-13631/57029", + "advisory": "Intel-tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15190: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the \"tf.raw_ops.Switch\" operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is \"nullptr\", hence we are binding a reference to \"nullptr\". This is undefined behavior and reported as an error if compiling with \"-fsanitize=null\". In this case, this results in a segmentation fault The issue was patched in commit da8558533d925694483d2c136a9220d6d49d843c\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4g9f-63rx-5cw4", + "cve": "CVE-2020-15190", + "id": "pyup.io-57038", + "more_info_path": "/vulnerabilities/CVE-2020-15190/57038", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", - ">=2.1.0rc0,<2.1.2", - ">=2.2.0rc0,<2.2.1" + ">=2.1.0a0,<2.1.2", + ">=2.2.0a0,<2.2.1", + ">=2.3.0a0,<2.3.1" ], - "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" + "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" + }, + { + "advisory": "Intel-tensorflow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15207: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses 'ResolveAxis' to convert negative values to positive indices. 
However, the only check that the converted index is now valid is only present in debug builds. If the 'DCHECK' does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q4qf-3fc6-8x34", + "cve": "CVE-2020-15207", + "id": "pyup.io-57043", + "more_info_path": "/vulnerabilities/CVE-2020-15207/57043", + "specs": [ + "<1.15.4", + ">=2.0.0a0,<2.0.3", + ">=2.1.0a0,<2.1.2", + ">=2.2.0a0,<2.2.1", + ">=2.3.0a0,<2.3.1" + ], + "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { "advisory": "Intel-tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13435.", @@ -45654,10 +46532,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" }, { - "advisory": "Intel-tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 update its dependency \"SQLite\" to handle CVE-2020-11655.", - "cve": "CVE-2020-11655", - "id": "pyup.io-57027", - "more_info_path": "/vulnerabilities/CVE-2020-11655/57027", + "advisory": "Intel-tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13631.", + "cve": "CVE-2020-13631", + "id": "pyup.io-57029", + "more_info_path": "/vulnerabilities/CVE-2020-13631/57029", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -45679,6 +46557,19 @@ ], "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" }, + { + "advisory": "Intel-tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 update its dependency \"SQLite\" to handle CVE-2020-11655.", + "cve": "CVE-2020-11655", + "id": "pyup.io-57027", + "more_info_path": "/vulnerabilities/CVE-2020-11655/57027", + "specs": [ + "<1.15.4", + ">=2.0.0a0,<2.0.3", + ">=2.1.0rc0,<2.1.2", + ">=2.2.0rc0,<2.2.1" + ], + "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1" + }, { "advisory": "Intel-tensorflow versions 1.15.4, 2.0.3, 2.1.2 and 2.2.1 updates its dependency \"SQLite\" to handle CVE-2020-13871.", "cve": "CVE-2020-13871", 
@@ -45816,10 +46707,10 @@ "v": "<1.15.5,>=2.0.0a0,<2.0.4,>=2.1.0rc0,<2.1.3,>=2.2.0rc0,<2.2.2,>=2.3.0rc0,<2.3.2" }, { - "advisory": "Intel-tensorflow versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2 and 2.4.0 includes a fix for CVE-2020-26271: In affected versions, under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst node (given by input_index). This is only possible if the types of the tensors on both sides coincide, so the function begins by obtaining the corresponding DataType values and comparing these for equality. However, there is no check that the indices point to inside of the arrays they index into. Thus, this can result in accessing data out of bounds of the corresponding heap allocated arrays. In most scenarios, this can manifest as unitialized data access, but if the index points far away from the boundaries of the arrays this can be used to leak addresses from the library.", - "cve": "CVE-2020-26271", - "id": "pyup.io-57013", - "more_info_path": "/vulnerabilities/CVE-2020-26271/57013", + "advisory": "Intel-tensorflow versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2 and 2.4.0 includes a fix for CVE-2020-26267: In affected versions, the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes.", + "cve": "CVE-2020-26267", + "id": "pyup.io-57014", + "more_info_path": "/vulnerabilities/CVE-2020-26267/57014", "specs": [ "<1.15.5", ">=2.0.0a0,<2.0.4", 
@@ -45831,10 +46722,10 @@ "v": "<1.15.5,>=2.0.0a0,<2.0.4,>=2.1.0rc0,<2.1.3,>=2.2.0rc0,<2.2.2,>=2.3.0rc0,<2.3.2,>=2.4.0rc0,<2.4.0" }, { - "advisory": "Intel-tensorflow versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2 and 2.4.0 includes a fix for CVE-2020-26267: In affected versions, the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes.", - "cve": "CVE-2020-26267", - "id": "pyup.io-57014", - "more_info_path": "/vulnerabilities/CVE-2020-26267/57014", + "advisory": "Intel-tensorflow versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0 includes a fix for CVE-2020-26266: In affected versions and under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen.", + "cve": "CVE-2020-26266", + "id": "pyup.io-57015", + "more_info_path": "/vulnerabilities/CVE-2020-26266/57015", "specs": [ "<1.15.5", ">=2.0.0a0,<2.0.4", 
@@ -45846,10 +46737,10 @@ "v": "<1.15.5,>=2.0.0a0,<2.0.4,>=2.1.0rc0,<2.1.3,>=2.2.0rc0,<2.2.2,>=2.3.0rc0,<2.3.2,>=2.4.0rc0,<2.4.0" }, { - "advisory": "Intel-tensorflow versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0 includes a fix for CVE-2020-26266: In affected versions and under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen.", - "cve": "CVE-2020-26266", - "id": "pyup.io-57015", - "more_info_path": "/vulnerabilities/CVE-2020-26266/57015", + "advisory": "Intel-tensorflow versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2 and 2.4.0 includes a fix for CVE-2020-26270: In affected versions, running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer.", + "cve": "CVE-2020-26270", + "id": "pyup.io-57017", + "more_info_path": "/vulnerabilities/CVE-2020-26270/57017", "specs": [ "<1.15.5", ">=2.0.0a0,<2.0.4", 
@@ -45861,10 +46752,10 @@ "v": "<1.15.5,>=2.0.0a0,<2.0.4,>=2.1.0rc0,<2.1.3,>=2.2.0rc0,<2.2.2,>=2.3.0rc0,<2.3.2,>=2.4.0rc0,<2.4.0" }, { - "advisory": "Intel-tensorflow versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2 and 2.4.0 includes a fix for CVE-2020-26268: In affected versions, the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden.", - "cve": "CVE-2020-26268", - "id": "pyup.io-57016", - "more_info_path": "/vulnerabilities/CVE-2020-26268/57016", + "advisory": "Intel-tensorflow versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2 and 2.4.0 includes a fix for CVE-2020-26271: In affected versions, under certain cases, loading a saved model can result in accessing uninitialized memory while building the computation graph. The MakeEdge function creates an edge between one output tensor of the src node (given by output_index) and the input slot of the dst node (given by input_index). This is only possible if the types of the tensors on both sides coincide, so the function begins by obtaining the corresponding DataType values and comparing these for equality. However, there is no check that the indices point to inside of the arrays they index into. Thus, this can result in accessing data out of bounds of the corresponding heap allocated arrays. 
In most scenarios, this can manifest as unitialized data access, but if the index points far away from the boundaries of the arrays this can be used to leak addresses from the library.", + "cve": "CVE-2020-26271", + "id": "pyup.io-57013", + "more_info_path": "/vulnerabilities/CVE-2020-26271/57013", "specs": [ "<1.15.5", ">=2.0.0a0,<2.0.4", @@ -45876,10 +46767,10 @@ "v": "<1.15.5,>=2.0.0a0,<2.0.4,>=2.1.0rc0,<2.1.3,>=2.2.0rc0,<2.2.2,>=2.3.0rc0,<2.3.2,>=2.4.0rc0,<2.4.0" }, { - "advisory": "Intel-tensorflow versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2 and 2.4.0 includes a fix for CVE-2020-26270: In affected versions, running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer.", - "cve": "CVE-2020-26270", - "id": "pyup.io-57017", - "more_info_path": "/vulnerabilities/CVE-2020-26270/57017", + "advisory": "Intel-tensorflow versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2 and 2.4.0 includes a fix for CVE-2020-26268: In affected versions, the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden.", + "cve": "CVE-2020-26268", + "id": "pyup.io-57016", + "more_info_path": "/vulnerabilities/CVE-2020-26268/57016", "specs": [ "<1.15.5", ">=2.0.0a0,<2.0.4", 
@@ -45891,10 +46782,10 @@ "v": "<1.15.5,>=2.0.0a0,<2.0.4,>=2.1.0rc0,<2.1.3,>=2.2.0rc0,<2.2.2,>=2.3.0rc0,<2.3.2,>=2.4.0rc0,<2.4.0" }, { - "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25668: Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96", - "cve": "CVE-2023-25668", - "id": "pyup.io-56613", - "more_info_path": "/vulnerabilities/CVE-2023-25668/56613", + "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25663: Prior to versions 2.12.0 and 2.11.1, when 'ctx->step_containter()' is a null ptr, the Lookup function will be executed with a null pointer.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w", + "cve": "CVE-2023-25663", + "id": "pyup.io-56615", + "more_info_path": "/vulnerabilities/CVE-2023-25663/56615", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" @@ -45902,10 +46793,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25664: Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr", - "cve": "CVE-2023-25664", - "id": "pyup.io-56614", - "more_info_path": "/vulnerabilities/CVE-2023-25664/56614", + "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25659: Prior to versions 2.12.0 and 2.11.1, if the parameter 'indices' for 'DynamicStitch' does not match the shape of the parameter 'data', it can trigger an stack OOB read.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p", + "cve": "CVE-2023-25659", + "id": "pyup.io-56618", + "more_info_path": "/vulnerabilities/CVE-2023-25659/56618", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -45913,10 +46804,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25663: Prior to versions 2.12.0 and 2.11.1, when 'ctx->step_containter()' is a null ptr, the Lookup function will be executed with a null pointer.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w", - "cve": "CVE-2023-25663", - "id": "pyup.io-56615", - "more_info_path": "/vulnerabilities/CVE-2023-25663/56615", + "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25664: Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr", + "cve": "CVE-2023-25664", + "id": "pyup.io-56614", + "more_info_path": "/vulnerabilities/CVE-2023-25664/56614", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" @@ -45945,17 +46836,6 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, - { - "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25659: Prior to versions 2.12.0 and 2.11.1, if the parameter 'indices' for 'DynamicStitch' does not match the shape of the parameter 'data', it can trigger an stack OOB read.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p", - "cve": "CVE-2023-25659", - "id": "pyup.io-56618", - "more_info_path": "/vulnerabilities/CVE-2023-25659/56618", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, { "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25658: Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6", "cve": "CVE-2023-25658", 
@@ -45979,10 +46859,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25673: Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", - "cve": "CVE-2023-25673", - "id": "pyup.io-56599", - "more_info_path": "/vulnerabilities/CVE-2023-25673/56599", + "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25666: Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2", + "cve": "CVE-2023-25666", + "id": "pyup.io-56602", + "more_info_path": "/vulnerabilities/CVE-2023-25666/56602", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" @@ -45990,10 +46870,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25672: The function 'tf.raw_ops.LookupTableImportV2' cannot handle scalars in the 'values' parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", - "cve": "CVE-2023-25672", - "id": "pyup.io-56600", - "more_info_path": "/vulnerabilities/CVE-2023-25672/56600", + "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25676: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.ParallelConcat' segfaults with a nullptr dereference when given a parameter 'shape' with rank that is not greater than zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq", + "cve": "CVE-2023-25676", + "id": "pyup.io-56601", + "more_info_path": "/vulnerabilities/CVE-2023-25676/56601", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -46001,10 +46881,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25666: Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2", - "cve": "CVE-2023-25666", - "id": "pyup.io-56602", - "more_info_path": "/vulnerabilities/CVE-2023-25666/56602", + "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25801: Prior to versions 2.12.0 and 2.11.1, 'nn_ops.fractional_avg_pool_v2' and 'nn_ops.fractional_max_pool_v2' require the first and fourth elements of their parameter 'pooling_ratio' to be equal to 1.0, as pooling on batch and channel dimensions is not supported.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q", + "cve": "CVE-2023-25801", + "id": "pyup.io-56606", + "more_info_path": "/vulnerabilities/CVE-2023-25801/56606", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -46012,10 +46892,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25667: Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when '2^31 <= num_frames * height * width * channels < 2^32', for example Full HD screencast of at least 346 frames.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68", - "cve": "CVE-2023-25667", - "id": "pyup.io-56603", - "more_info_path": "/vulnerabilities/CVE-2023-25667/56603", + "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25673: Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", + "cve": "CVE-2023-25673", + "id": "pyup.io-56599", + "more_info_path": "/vulnerabilities/CVE-2023-25673/56599", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" @@ -46023,10 +46903,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25674: Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579", - "cve": "CVE-2023-25674", - "id": "pyup.io-56604", - "more_info_path": "/vulnerabilities/CVE-2023-25674/56604", + "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25672: The function 'tf.raw_ops.LookupTableImportV2' cannot handle scalars in the 'values' parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", + "cve": "CVE-2023-25672", + "id": "pyup.io-56600", + "more_info_path": "/vulnerabilities/CVE-2023-25672/56600", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -46034,10 +46914,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25676: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.ParallelConcat' segfaults with a nullptr dereference when given a parameter 'shape' with rank that is not greater than zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq", - "cve": "CVE-2023-25676", - "id": "pyup.io-56601", - "more_info_path": "/vulnerabilities/CVE-2023-25676/56601", + "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25667: Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when '2^31 <= num_frames * height * width * channels < 2^32', for example Full HD screencast of at least 346 frames.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68", + "cve": "CVE-2023-25667", + "id": "pyup.io-56603", + "more_info_path": "/vulnerabilities/CVE-2023-25667/56603", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -46045,10 +46925,10 @@ "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, { - "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25801: Prior to versions 2.12.0 and 2.11.1, 'nn_ops.fractional_avg_pool_v2' and 'nn_ops.fractional_max_pool_v2' require the first and fourth elements of their parameter 'pooling_ratio' to be equal to 1.0, as pooling on batch and channel dimensions is not supported.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q", - "cve": "CVE-2023-25801", - "id": "pyup.io-56606", - "more_info_path": "/vulnerabilities/CVE-2023-25801/56606", + "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25674: Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579", + "cve": "CVE-2023-25674", + "id": "pyup.io-56604", + "more_info_path": "/vulnerabilities/CVE-2023-25674/56604", "specs": [ "<2.11.1", ">=2.12.0rc0,<2.12.0" 
@@ -46121,6 +47001,17 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, + { + "advisory": "Intel-tensorflow 2.11.1 and 2.12.0 include a fix for CVE-2023-25668: Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96", + "cve": "CVE-2023-25668", + "id": "pyup.io-56613", + "more_info_path": "/vulnerabilities/CVE-2023-25668/56613", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, { "advisory": "Intel-tensorflow 2.4.0 includes a fix for CVE-2020-15265: In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and then uses it to access the corresponding element of an array. Since in normal builds, `DCHECK`-like macros are no-ops, this results in segfault and access out of bounds of the array. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.", "cve": "CVE-2020-15265", 
@@ -46132,10 +47023,10 @@ "v": "<2.4.0" }, { - "advisory": "Intel-tensorflow 2.4.0 includes a fix for CVE-2020-15266: In Tensorflow before version 2.4.0, when the 'boxes' argument of 'tf.image.crop_and_resize' has a very large value, the CPU kernel implementation receives it as a C++ 'nan' floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault.\nhttps://github.com/tensorflow/tensorflow/issues/42129\nhttps://github.com/tensorflow/tensorflow/pull/42143/commits/3ade2efec2e90c6237de32a19680caaa3ebc2845\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xwhf-g6j5-j5gc", - "cve": "CVE-2020-15266", - "id": "pyup.io-57019", - "more_info_path": "/vulnerabilities/CVE-2020-15266/57019", + "advisory": "Intel-tensorflow 2.4.0 includes a fix for CVE-2020-15265: In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and then uses it to access the corresponding element of an array. Since in normal builds, `DCHECK`-like macros are no-ops, this results in segfault and access out of bounds of the array. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.", + "cve": "CVE-2020-15265", + "id": "pyup.io-57022", + "more_info_path": "/vulnerabilities/CVE-2020-15265/57022", "specs": [ "<2.4.0" ], 
@@ -46152,10 +47043,10 @@ "v": "<2.4.0" }, { - "advisory": "Intel-tensorflow 2.4.0 includes a fix for CVE-2020-15265: In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and then uses it to access the corresponding element of an array. Since in normal builds, `DCHECK`-like macros are no-ops, this results in segfault and access out of bounds of the array. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.", - "cve": "CVE-2020-15265", - "id": "pyup.io-57022", - "more_info_path": "/vulnerabilities/CVE-2020-15265/57022", + "advisory": "Intel-tensorflow 2.4.0 includes a fix for CVE-2020-15266: In Tensorflow before version 2.4.0, when the 'boxes' argument of 'tf.image.crop_and_resize' has a very large value, the CPU kernel implementation receives it as a C++ 'nan' floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault.\nhttps://github.com/tensorflow/tensorflow/issues/42129\nhttps://github.com/tensorflow/tensorflow/pull/42143/commits/3ade2efec2e90c6237de32a19680caaa3ebc2845\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xwhf-g6j5-j5gc", + "cve": "CVE-2020-15266", + "id": "pyup.io-57019", + "more_info_path": "/vulnerabilities/CVE-2020-15266/57019", "specs": [ "<2.4.0" ], 
@@ -46186,10 +47077,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41214: In affected versions, the shape inference code for 'tf.ragged.cross' has an undefined behavior due to binding a reference to 'nullptr'. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v\nhttps://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8", - "cve": "CVE-2021-41214", - "id": "pyup.io-56813", - "more_info_path": "/vulnerabilities/CVE-2021-41214/56813", + "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41226: In affected versions, the implementation of 'SparseBinCount' is vulnerable to a heap OOB access. This is because of missing validation between the elements of the 'values' argument and the shape of the sparse output. The fix is also included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-374m-jm66-3vj8\nhttps://github.com/tensorflow/tensorflow/commit/f410212e373eb2aec4c9e60bf3702eba99a38aba", + "cve": "CVE-2021-41226", + "id": "pyup.io-56821", + "more_info_path": "/vulnerabilities/CVE-2021-41226/56821", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -46198,10 +47089,46 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41226: In affected versions, the implementation of 'SparseBinCount' is vulnerable to a heap OOB access. This is because of missing validation between the elements of the 'values' argument and the shape of the sparse output. The fix is also included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-374m-jm66-3vj8\nhttps://github.com/tensorflow/tensorflow/commit/f410212e373eb2aec4c9e60bf3702eba99a38aba", - "cve": "CVE-2021-41226", - "id": "pyup.io-56821", - "more_info_path": "/vulnerabilities/CVE-2021-41226/56821", + "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41199: In affected versions, if 'tf.image.resize' is called with a large input argument then the TensorFlow process will crash due to a 'CHECK'-failure caused by an overflow. The number of elements in the output tensor is too much for the 'int64_t' type and the overflow is detected via a 'CHECK' statement. This aborts the process. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hx2-qx8j-qjqm", + "cve": "CVE-2021-41199", + "id": "pyup.io-56822", + "more_info_path": "/vulnerabilities/CVE-2021-41199/56822", + "specs": [ + "<2.4.4", + ">=2.5.0rc0,<2.5.2", + ">=2.6.0rc0,<2.6.1" + ], + "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" + }, + { + "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41202: In affected versions, while calculating the size of the output within the 'tf.range' kernel, there is a conditional statement of type 'int64 = condition ? int64 : double'. Due to C++ implicit conversion rules, both branches of the condition will be cast to 'double' and the result would be truncated before the assignment. This result in overflows. 
The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx", + "cve": "CVE-2021-41202", + "id": "pyup.io-56819", + "more_info_path": "/vulnerabilities/CVE-2021-41202/56819", + "specs": [ + "<2.4.4", + ">=2.5.0rc0,<2.5.2", + ">=2.6.0rc0,<2.6.1" + ], + "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" + }, + { + "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41198: In affected versions, if 'tf.tile' is called with a large input argument, then the TensorFlow process will crash due to a 'CHECK'-failure caused by an overflow. The number of elements in the output tensor is too much for the 'int64_t' type and the overflow is detected via a 'CHECK' statement. This aborts the process. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2p25-55c9-h58q", + "cve": "CVE-2021-41198", + "id": "pyup.io-56830", + "more_info_path": "/vulnerabilities/CVE-2021-41198/56830", + "specs": [ + "<2.4.4", + ">=2.5.0rc0,<2.5.2", + ">=2.6.0rc0,<2.6.1" + ], + "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" + }, + { + "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41214: In affected versions, the shape inference code for 'tf.ragged.cross' has an undefined behavior due to binding a reference to 'nullptr'. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v\nhttps://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8", + "cve": "CVE-2021-41214", + "id": "pyup.io-56813", + "more_info_path": "/vulnerabilities/CVE-2021-41214/56813", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -46305,18 +47232,6 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, - { - "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41227: In affected versions, the 'ImmutableConst' operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the 'tstring' TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype. The fix is also included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8c8-67vp-6mx7\nhttps://github.com/tensorflow/tensorflow/commit/1cb6bb6c2a6019417c9adaf9e6843ba75ee2580b\nhttps://github.com/tensorflow/tensorflow/commit/3712a2d3455e6ccb924daa5724a3652a86f6b585", - "cve": "CVE-2021-41227", - "id": "pyup.io-56800", - "more_info_path": "/vulnerabilities/CVE-2021-41227/56800", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, { "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41218: In affected versions, the shape inference code for 'AllToAll' can be made to execute a division by 0. This occurs whenever the 'split_count' argument is 0. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9crf-c6qr-r273\nhttps://github.com/tensorflow/tensorflow/commit/a8ad3e5e79c75f36edb81e0ba3f3c0c5442aeddc", "cve": "CVE-2021-41218", 
@@ -46341,18 +47256,6 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, - { - "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41201: In affected versions, during execution, 'EinsumHelper::ParseEquation()' is supposed to set the flags in 'input_has_ellipsis' vector and '*output_has_ellipsis' boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to 'true' and never assigns 'false'. This results in unitialized variable access if callers assume that 'EinsumHelper::ParseEquation()' always sets these flags. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm\nhttps://github.com/tensorflow/tensorflow/commit/f09caa532b6e1ac8d2aa61b7832c78c5b79300c6", - "cve": "CVE-2021-41201", - "id": "pyup.io-56803", - "more_info_path": "/vulnerabilities/CVE-2021-41201/56803", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, { "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41209: In affected versions, the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hpv-v2rx-c5g6\nhttps://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235", "cve": "CVE-2021-41209", 
@@ -46401,30 +47304,6 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, - { - "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41215: In affected versions, the shape inference code for 'DeserializeSparse' can trigger a null pointer dereference. This is because the shape inference function assumes that the 'serialize_sparse' tensor is a tensor with positive rank (and having '3' as the last dimension). The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x3v8-c8qx-3j3r\nhttps://github.com/tensorflow/tensorflow/commit/d3738dd70f1c9ceb547258cbb82d853da8771850", - "cve": "CVE-2021-41215", - "id": "pyup.io-56808", - "more_info_path": "/vulnerabilities/CVE-2021-41215/56808", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, - { - "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41219: In affected versions, the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to 'nullptr'. This occurs whenever the dimensions of 'a' or 'b' are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation is successful) but nothing should be written to it (that is, it should return early from the kernel implementation). Otherwise, attempts to write to this empty tensor would result in heap OOB access. 
The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x\nhttps://github.com/tensorflow/tensorflow/commit/e6cf28c72ba2eb949ca950d834dd6d66bb01cfae", - "cve": "CVE-2021-41219", - "id": "pyup.io-56814", - "more_info_path": "/vulnerabilities/CVE-2021-41219/56814", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, { "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22924.", "cve": "CVE-2021-22924", 
@@ -46461,18 +47340,6 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, - { - "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41202: In affected versions, while calculating the size of the output within the 'tf.range' kernel, there is a conditional statement of type 'int64 = condition ? int64 : double'. Due to C++ implicit conversion rules, both branches of the condition will be cast to 'double' and the result would be truncated before the assignment. This result in overflows. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx", - "cve": "CVE-2021-41202", - "id": "pyup.io-56819", - "more_info_path": "/vulnerabilities/CVE-2021-41202/56819", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, { "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41204: In affected versions, during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-786j-5qwq-r36x\nhttps://github.com/tensorflow/tensorflow/commit/7731e8dfbe4a56773be5dc94d631611211156659", "cve": "CVE-2021-41204", 
@@ -46485,18 +47352,6 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, - { - "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41199: In affected versions, if 'tf.image.resize' is called with a large input argument then the TensorFlow process will crash due to a 'CHECK'-failure caused by an overflow. The number of elements in the output tensor is too much for the 'int64_t' type and the overflow is detected via a 'CHECK' statement. This aborts the process. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hx2-qx8j-qjqm", - "cve": "CVE-2021-41199", - "id": "pyup.io-56822", - "more_info_path": "/vulnerabilities/CVE-2021-41199/56822", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, { "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41203: In affected versions, an attacker can trigger undefined behavior, integer overflows, segfaults and 'CHECK'-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7pxj-m4jf-r6h2", "cve": "CVE-2021-41203", 
@@ -46558,10 +47413,46 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41198: In affected versions, if 'tf.tile' is called with a large input argument, then the TensorFlow process will crash due to a 'CHECK'-failure caused by an overflow. The number of elements in the output tensor is too much for the 'int64_t' type and the overflow is detected via a 'CHECK' statement. This aborts the process. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2p25-55c9-h58q", - "cve": "CVE-2021-41198", - "id": "pyup.io-56830", - "more_info_path": "/vulnerabilities/CVE-2021-41198/56830", + "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41227: In affected versions, the 'ImmutableConst' operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the 'tstring' TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype. 
The fix is also included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8c8-67vp-6mx7\nhttps://github.com/tensorflow/tensorflow/commit/1cb6bb6c2a6019417c9adaf9e6843ba75ee2580b\nhttps://github.com/tensorflow/tensorflow/commit/3712a2d3455e6ccb924daa5724a3652a86f6b585", + "cve": "CVE-2021-41227", + "id": "pyup.io-56800", + "more_info_path": "/vulnerabilities/CVE-2021-41227/56800", + "specs": [ + "<2.4.4", + ">=2.5.0rc0,<2.5.2", + ">=2.6.0rc0,<2.6.1" + ], + "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" + }, + { + "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41201: In affected versions, during execution, 'EinsumHelper::ParseEquation()' is supposed to set the flags in 'input_has_ellipsis' vector and '*output_has_ellipsis' boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to 'true' and never assigns 'false'. This results in unitialized variable access if callers assume that 'EinsumHelper::ParseEquation()' always sets these flags. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm\nhttps://github.com/tensorflow/tensorflow/commit/f09caa532b6e1ac8d2aa61b7832c78c5b79300c6", + "cve": "CVE-2021-41201", + "id": "pyup.io-56803", + "more_info_path": "/vulnerabilities/CVE-2021-41201/56803", + "specs": [ + "<2.4.4", + ">=2.5.0rc0,<2.5.2", + ">=2.6.0rc0,<2.6.1" + ], + "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" + }, + { + "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41215: In affected versions, the shape inference code for 'DeserializeSparse' can trigger a null pointer dereference. This is because the shape inference function assumes that the 'serialize_sparse' tensor is a tensor with positive rank (and having '3' as the last dimension). 
The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x3v8-c8qx-3j3r\nhttps://github.com/tensorflow/tensorflow/commit/d3738dd70f1c9ceb547258cbb82d853da8771850", + "cve": "CVE-2021-41215", + "id": "pyup.io-56808", + "more_info_path": "/vulnerabilities/CVE-2021-41215/56808", + "specs": [ + "<2.4.4", + ">=2.5.0rc0,<2.5.2", + ">=2.6.0rc0,<2.6.1" + ], + "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" + }, + { + "advisory": "Intel-tensorflow versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41219: In affected versions, the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to 'nullptr'. This occurs whenever the dimensions of 'a' or 'b' are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation is successful) but nothing should be written to it (that is, it should return early from the kernel implementation). Otherwise, attempts to write to this empty tensor would result in heap OOB access. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x\nhttps://github.com/tensorflow/tensorflow/commit/e6cf28c72ba2eb949ca950d834dd6d66bb01cfae", + "cve": "CVE-2021-41219", + "id": "pyup.io-56814", + "more_info_path": "/vulnerabilities/CVE-2021-41219/56814", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -46582,10 +47473,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1" }, { - "advisory": "Tensorflow is an Open Source Machine Learning Framework. The 'GraphDef' format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a 'GraphDef' containing a fragment such as the following can be consumed when loading a 'SavedModel'. This would result in a stack overflow during execution as resolving each 'NodeDef' means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23591", - "id": "pyup.io-56785", - "more_info_path": "/vulnerabilities/CVE-2022-23591/56785", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23580: During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7", + "cve": "CVE-2022-23580", + "id": "pyup.io-56783", + "more_info_path": "/vulnerabilities/CVE-2022-23580/56783", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -46595,10 +47486,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23563: In multiple places, TensorFlow uses 'tempfile.mktemp' to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in 'mktemp' and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the 'mktemp' function usage. It was replaced 'mktemp' with the safer 'mkstemp'/'mkdtemp' functions, according to the usage pattern.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wc4g-r73w-x8mm", - "cve": "CVE-2022-23563", - "id": "pyup.io-56748", - "more_info_path": "/vulnerabilities/CVE-2022-23563/56748", + "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23570", + "id": "pyup.io-56753", + "more_info_path": "/vulnerabilities/CVE-2022-23570/56753", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -46608,10 +47499,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21730: The implementation of 'FractionalAvgPoolGrad' does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4", - "cve": "CVE-2022-21730", - "id": "pyup.io-56749", - "more_info_path": "/vulnerabilities/CVE-2022-21730/56749", + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21725: The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v3f7-j968-4h5f", + "cve": "CVE-2022-21725", + "id": "pyup.io-56778", + "more_info_path": "/vulnerabilities/CVE-2022-21725/56778", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -46621,10 +47512,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21729: The implementation of 'UnravelIndex' is vulnerable to a division by zero caused by an integer overflow bug.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-34f9-hjfq-rr8j", - "cve": "CVE-2022-21729", - "id": "pyup.io-56770", - "more_info_path": "/vulnerabilities/CVE-2022-21729/56770", + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23565: An attacker can trigger denial of service via assertion failure by altering a 'SavedModel' on disk such that 'AttrDef's of some operation are duplicated.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4v5p-v5h9-6xjx", + "cve": "CVE-2022-23565", + "id": "pyup.io-56782", + "more_info_path": "/vulnerabilities/CVE-2022-23565/56782", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -46634,10 +47525,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23580: During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7", - "cve": "CVE-2022-23580", - "id": "pyup.io-56783", - "more_info_path": "/vulnerabilities/CVE-2022-23580/56783", + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21732: The implementation of 'ThreadPoolHandle' can be used to trigger a denial of service attack by allocating too much memory. This is because the 'num_threads' argument is only checked to not be negative, but there is no upper bound on its value.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq", + "cve": "CVE-2022-21732", + "id": "pyup.io-56786", + "more_info_path": "/vulnerabilities/CVE-2022-21732/56786", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -46647,10 +47538,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23577", - "id": "pyup.io-56784", - "more_info_path": "/vulnerabilities/CVE-2022-23577/56784", + "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23566", + "id": "pyup.io-56788", + "more_info_path": "/vulnerabilities/CVE-2022-23566/56788", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -46660,10 +47551,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21738: The implementation of 'SparseCountSparseOutput' can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x4qx-4fjv-hmw6", - "cve": "CVE-2022-21738", - "id": "pyup.io-56791", - "more_info_path": "/vulnerabilities/CVE-2022-21738/56791", + "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a reference `dtype`. This would result in a crash due to a `CHECK`-fail in the `Tensor` constructor as reference types are not allowed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23588", + "id": "pyup.io-56792", + "more_info_path": "/vulnerabilities/CVE-2022-23588/56792", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -46673,10 +47564,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23568: The implementation of 'AddManySparseToTensorsMap' is vulnerable to an integer overflow which results in a 'CHECK'-fail when building new 'TensorShape' objects (so, an assert failure based denial of service). There are missing some validation on the shapes of the input tensors as well as directly constructing a large 'TensorShape' with user-provided dimensions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6445-fm66-fvq2", - "cve": "CVE-2022-23568", - "id": "pyup.io-56746", - "more_info_path": "/vulnerabilities/CVE-2022-23568/56746", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a 'SavedModel' such that any binary op would trigger 'CHECK' failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the 'dtype' no longer matches the 'dtype' expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If 'Tin' and 'Tout' don't match the type of data in 'out' and 'input_*' tensors then 'flat<*>' would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a 'CHECK' crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23583", + "id": "pyup.io-56757", + "more_info_path": "/vulnerabilities/CVE-2022-23583/56757", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -46686,10 +47577,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21728: The implementation of shape inference for 'ReverseSequence' does not fully validate the value of 'batch_dim' and can result in a heap OOB read. There is a check to make sure the value of 'batch_dim' does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of 'Dim' would access elements before the start of an array.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8", - "cve": "CVE-2022-21728", - "id": "pyup.io-56747", - "more_info_path": "/vulnerabilities/CVE-2022-21728/56747", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the 'DCHECK' function however, 'DCHECK' is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the 'ValueOrDie' line. This results in an assertion failure as 'ret' contains an error 'Status', not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23572", + "id": "pyup.io-56781", + "more_info_path": "/vulnerabilities/CVE-2022-23572/56781", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -46699,10 +47590,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21736: The implementation of 'SparseTensorSliceDataset' has an undefined behavior: under certain conditions, it can be made to dereference a 'nullptr' value. The 3 input arguments to 'SparseTensorSliceDataset' represent a sparse tensor. However, there are some preconditions that these arguments must satisfy, but these are not validated in the implementation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pfjj-m3jj-9jc9", - "cve": "CVE-2022-21736", - "id": "pyup.io-56750", - "more_info_path": "/vulnerabilities/CVE-2022-21736/56750", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23563: In multiple places, TensorFlow uses 'tempfile.mktemp' to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in 'mktemp' and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the 'mktemp' function usage. It was replaced 'mktemp' with the safer 'mkstemp'/'mkdtemp' functions, according to the usage pattern.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wc4g-r73w-x8mm", + "cve": "CVE-2022-23563", + "id": "pyup.io-56748", + "more_info_path": "/vulnerabilities/CVE-2022-23563/56748", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -46712,10 +47603,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23595: When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so 'flr->config_proto' is 'nullptr'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx", - "cve": "CVE-2022-23595", - "id": "pyup.io-56751", - "more_info_path": "/vulnerabilities/CVE-2022-23595/56751", + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21730: The implementation of 'FractionalAvgPoolGrad' does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4", + "cve": "CVE-2022-21730", + "id": "pyup.io-56749", + "more_info_path": "/vulnerabilities/CVE-2022-21730/56749", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -46725,10 +47616,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21741: An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj", - "cve": "CVE-2022-21741", - "id": "pyup.io-56752", - "more_info_path": "/vulnerabilities/CVE-2022-21741/56752", + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21729: The implementation of 'UnravelIndex' is vulnerable to a division by zero caused by an integer overflow bug.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-34f9-hjfq-rr8j", + "cve": "CVE-2022-21729", + "id": "pyup.io-56770", + "more_info_path": "/vulnerabilities/CVE-2022-21729/56770", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -46738,10 +47629,62 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23570", - "id": "pyup.io-56753", - "more_info_path": "/vulnerabilities/CVE-2022-23570/56753", + "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. 
We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23577", + "id": "pyup.io-56784", + "more_info_path": "/vulnerabilities/CVE-2022-23577/56784", + "specs": [ + "<2.5.3", + ">=2.6.0a0,<2.6.3", + ">=2.7.0a0,<2.7.1", + ">=2.8.0a0,<2.8.0" + ], + "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" + }, + { + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21738: The implementation of 'SparseCountSparseOutput' can be made to crash a TensorFlow process by an integer overflow whose result is then used in a memory allocation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x4qx-4fjv-hmw6", + "cve": "CVE-2022-21738", + "id": "pyup.io-56791", + "more_info_path": "/vulnerabilities/CVE-2022-21738/56791", + "specs": [ + "<2.5.3", + ">=2.6.0a0,<2.6.3", + ">=2.7.0a0,<2.7.1", + ">=2.8.0a0,<2.8.0" + ], + "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" + }, + { + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23568: The implementation of 'AddManySparseToTensorsMap' is vulnerable to an integer overflow which results in a 'CHECK'-fail when building new 'TensorShape' objects (so, an assert failure based denial of service). 
There are missing some validation on the shapes of the input tensors as well as directly constructing a large 'TensorShape' with user-provided dimensions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6445-fm66-fvq2", + "cve": "CVE-2022-23568", + "id": "pyup.io-56746", + "more_info_path": "/vulnerabilities/CVE-2022-23568/56746", + "specs": [ + "<2.5.3", + ">=2.6.0a0,<2.6.3", + ">=2.7.0a0,<2.7.1", + ">=2.8.0a0,<2.8.0" + ], + "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" + }, + { + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23595: When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so 'flr->config_proto' is 'nullptr'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fpcp-9h7m-ffpx", + "cve": "CVE-2022-23595", + "id": "pyup.io-56751", + "more_info_path": "/vulnerabilities/CVE-2022-23595/56751", + "specs": [ + "<2.5.3", + ">=2.6.0a0,<2.6.3", + ">=2.7.0a0,<2.7.1", + ">=2.8.0a0,<2.8.0" + ], + "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" + }, + { + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21741: An attacker can craft a TFLite model that would trigger a division by zero in the implementation of depthwise convolutions. The parameters of the convolution can be user controlled and are also used within a division operation to determine the size of the padding that needs to be added before applying the convolution. There is no check before this division that the divisor is strictly positive.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-428x-9xc2-m8mj", + "cve": "CVE-2022-21741", + "id": "pyup.io-56752", + "more_info_path": "/vulnerabilities/CVE-2022-21741/56752", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -46789,19 +47732,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If `Tin` and `Tout` don't match the type of data in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23583", - "id": "pyup.io-56757", - "more_info_path": "/vulnerabilities/CVE-2022-23583/56757", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "cve": "CVE-2022-23573", 
@@ -46828,19 +47758,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23589", - "id": "pyup.io-56760", - "more_info_path": "/vulnerabilities/CVE-2022-23589/56760", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23581: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a 'SavedModel' such that 'IsSimplifiableReshape' would trigger 'CHECK' failures.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fq86-3f29-px2c", "cve": "CVE-2022-23581", 
@@ -46893,19 +47810,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23575", - "id": "pyup.io-56765", - "more_info_path": "/vulnerabilities/CVE-2022-23575/56765", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23558: An attacker can craft a TFLite model that would cause an integer overflow in 'TfLiteIntArrayCreate'. The 'TfLiteIntArrayGetSizeInBytes' returns an 'int' instead of a 'size_t'. An attacker can control model inputs such that 'computed_size' overflows the size of 'int' datatype.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9gwq-6cwj-47h3", "cve": "CVE-2022-23558", 
@@ -46919,19 +47823,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23567: The implementations of 'Sparse*Cwise*' ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or 'CHECK'-fails when building new 'TensorShape' objects (so, assert failures based denial of service). There are missing some validation on the shapes of the input tensors as well as directly constructing a large 'TensorShape' with user-provided dimensions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrx2-r989-2c43", - "cve": "CVE-2022-23567", - "id": "pyup.io-56767", - "more_info_path": "/vulnerabilities/CVE-2022-23567/56767", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21739: The implementation of 'QuantizedMaxPool' has an undefined behavior where user controlled inputs can trigger a reference binding to null pointer.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3mw4-6rj6-74g5", "cve": "CVE-2022-21739", 
@@ -46958,19 +47849,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23586", - "id": "pyup.io-56771", - "more_info_path": "/vulnerabilities/CVE-2022-23586/56771", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21727: The implementation of shape inference for 'Dequantize' is vulnerable to an integer overflow weakness. The 'axis' argument can be '-1' (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked, and, since the code computes 'axis + 1', an attacker can trigger an integer overflow.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c6fh-56w7-fvjw", "cve": "CVE-2022-21727", 
@@ -47024,10 +47902,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23560: An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvf-hxvg-f67v", - "cve": "CVE-2022-23560", - "id": "pyup.io-56776", - "more_info_path": "/vulnerabilities/CVE-2022-23560/56776", + "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23587", + "id": "pyup.io-56777", + "more_info_path": "/vulnerabilities/CVE-2022-23587/56777", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -47037,10 +47915,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23587", - "id": "pyup.io-56777", - "more_info_path": "/vulnerabilities/CVE-2022-23587/56777", + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21735: The implementation of 'FractionalMaxPool' can be made to crash a TensorFlow process via a division by 0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj", + "cve": "CVE-2022-21735", + "id": "pyup.io-56779", + "more_info_path": "/vulnerabilities/CVE-2022-21735/56779", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -47050,10 +47928,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21725: The estimator for the cost of some convolution operations can be made to execute a division by 0. The function fails to check that the stride argument is strictly positive. Hence, the fix is to add a check for the stride argument to ensure it is valid.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v3f7-j968-4h5f", - "cve": "CVE-2022-21725", - "id": "pyup.io-56778", - "more_info_path": "/vulnerabilities/CVE-2022-21725/56778", + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23557: An attacker can craft a TFLite model that would trigger a division by zero in 'BiasAndClamp' implementation. There is no check that the 'bias_size' is non zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v", + "cve": "CVE-2022-23557", + "id": "pyup.io-56780", + "more_info_path": "/vulnerabilities/CVE-2022-23557/56780", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -47063,10 +47941,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21735: The implementation of 'FractionalMaxPool' can be made to crash a TensorFlow process via a division by 0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj", - "cve": "CVE-2022-21735", - "id": "pyup.io-56779", - "more_info_path": "/vulnerabilities/CVE-2022-21735/56779", + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21740: The implementation of 'SparseCountSparseOutput' is vulnerable to a heap overflow.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r", + "cve": "CVE-2022-21740", + "id": "pyup.io-56787", + "more_info_path": "/vulnerabilities/CVE-2022-21740/56787", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", @@ -47076,10 +47954,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23557: An attacker can craft a TFLite model that would trigger a division by zero in 'BiasAndClamp' implementation. There is no check that the 'bias_size' is non zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v", - "cve": "CVE-2022-23557", - "id": "pyup.io-56780", - "more_info_path": "/vulnerabilities/CVE-2022-23557/56780", + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23579: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a 'SavedModel' such that 'SafeToRemoveIdentity' would trigger 'CHECK' failures.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5f2r-qp73-37mr", + "cve": "CVE-2022-23579", + "id": "pyup.io-56789", + "more_info_path": "/vulnerabilities/CVE-2022-23579/56789", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -47089,10 +47967,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function however, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the `ValueOrDie` line. This results in an assertion failure as `ret` contains an error `Status`, not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23572", - "id": "pyup.io-56781", - "more_info_path": "/vulnerabilities/CVE-2022-23572/56781", + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23562: The implementation of 'Range' suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qx3f-p745-w4hr", + "cve": "CVE-2022-23562", + "id": "pyup.io-56790", + "more_info_path": "/vulnerabilities/CVE-2022-23562/56790", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -47102,10 +47980,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23565: An attacker can trigger denial of service via assertion failure by altering a 'SavedModel' on disk such that 'AttrDef's of some operation are duplicated.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4v5p-v5h9-6xjx", - "cve": "CVE-2022-23565", - "id": "pyup.io-56782", - "more_info_path": "/vulnerabilities/CVE-2022-23565/56782", + "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23584", + "id": "pyup.io-56793", + "more_info_path": "/vulnerabilities/CVE-2022-23584/56793", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -47115,10 +47993,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21732: The implementation of 'ThreadPoolHandle' can be used to trigger a denial of service attack by allocating too much memory. This is because the 'num_threads' argument is only checked to not be negative, but there is no upper bound on its value.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq", - "cve": "CVE-2022-21732", - "id": "pyup.io-56786", - "more_info_path": "/vulnerabilities/CVE-2022-21732/56786", + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23582: A malicious user can cause a denial of service by altering a 'SavedModel' such that 'TensorByteSize' would trigger 'CHECK' failures. 'TensorShape' constructor throws a 'CHECK'-fail if shape is partial or has a number of elements that would overflow the size of an 'int'. The 'PartialTensorShape' constructor instead does not cause a 'CHECK'-abort if the shape is partial, which is exactly what this function needs to be able to return '-1'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v", + "cve": "CVE-2022-23582", + "id": "pyup.io-56794", + "more_info_path": "/vulnerabilities/CVE-2022-23582/56794", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -47128,10 +48006,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21740: The implementation of 'SparseCountSparseOutput' is vulnerable to a heap overflow.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r", - "cve": "CVE-2022-21740", - "id": "pyup.io-56787", - "more_info_path": "/vulnerabilities/CVE-2022-21740/56787", + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21726: The implementation of 'Dequantize' does not fully validate the value of 'axis' and can result in heap OOB accesses. The 'axis' argument can be '-1' (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72", + "cve": "CVE-2022-21726", + "id": "pyup.io-56795", + "more_info_path": "/vulnerabilities/CVE-2022-21726/56795", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -47141,10 +48019,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23566", - "id": "pyup.io-56788", - "more_info_path": "/vulnerabilities/CVE-2022-23566/56788", + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23561: An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq", + "cve": "CVE-2022-23561", + "id": "pyup.io-56796", + "more_info_path": "/vulnerabilities/CVE-2022-23561/56796", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -47154,10 +48032,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23579: The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a 'SavedModel' such that 'SafeToRemoveIdentity' would trigger 'CHECK' failures.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5f2r-qp73-37mr", - "cve": "CVE-2022-23579", - "id": "pyup.io-56789", - "more_info_path": "/vulnerabilities/CVE-2022-23579/56789", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. The 'GraphDef' format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a 'GraphDef' containing a fragment such as the following can be consumed when loading a 'SavedModel'. This would result in a stack overflow during execution as resolving each 'NodeDef' means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23591", + "id": "pyup.io-56785", + "more_info_path": "/vulnerabilities/CVE-2022-23591/56785", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -47167,10 +48045,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23562: The implementation of 'Range' suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qx3f-p745-w4hr", - "cve": "CVE-2022-23562", - "id": "pyup.io-56790", - "more_info_path": "/vulnerabilities/CVE-2022-23562/56790", + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21728: The implementation of shape inference for 'ReverseSequence' does not fully validate the value of 'batch_dim' and can result in a heap OOB read. There is a check to make sure the value of 'batch_dim' does not go over the rank of the input, but there is no check for negative values. Negative dimensions are allowed in some cases to mimic Python's negative indexing (i.e., indexing from the end of the array), however if the value is too negative then the implementation of 'Dim' would access elements before the start of an array.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gmv-pjp9-p8w8", + "cve": "CVE-2022-21728", + "id": "pyup.io-56747", + "more_info_path": "/vulnerabilities/CVE-2022-21728/56747", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -47180,10 +48058,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a reference `dtype`. This would result in a crash due to a `CHECK`-fail in the `Tensor` constructor as reference types are not allowed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23588", - "id": "pyup.io-56792", - "more_info_path": "/vulnerabilities/CVE-2022-23588/56792", + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21736: The implementation of 'SparseTensorSliceDataset' has an undefined behavior: under certain conditions, it can be made to dereference a 'nullptr' value. The 3 input arguments to 'SparseTensorSliceDataset' represent a sparse tensor. However, there are some preconditions that these arguments must satisfy, but these are not validated in the implementation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pfjj-m3jj-9jc9", + "cve": "CVE-2022-21736", + "id": "pyup.io-56750", + "more_info_path": "/vulnerabilities/CVE-2022-21736/56750", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -47193,10 +48071,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23584", - "id": "pyup.io-56793", - "more_info_path": "/vulnerabilities/CVE-2022-23584/56793", + "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23589", + "id": "pyup.io-56760", + "more_info_path": "/vulnerabilities/CVE-2022-23589/56760", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -47206,10 +48084,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23582: A malicious user can cause a denial of service by altering a 'SavedModel' such that 'TensorByteSize' would trigger 'CHECK' failures. 'TensorShape' constructor throws a 'CHECK'-fail if shape is partial or has a number of elements that would overflow the size of an 'int'. The 'PartialTensorShape' constructor instead does not cause a 'CHECK'-abort if the shape is partial, which is exactly what this function needs to be able to return '-1'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v", - "cve": "CVE-2022-23582", - "id": "pyup.io-56794", - "more_info_path": "/vulnerabilities/CVE-2022-23582/56794", + "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23575", + "id": "pyup.io-56765", + "more_info_path": "/vulnerabilities/CVE-2022-23575/56765", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -47219,10 +48097,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21726: The implementation of 'Dequantize' does not fully validate the value of 'axis' and can result in heap OOB accesses. The 'axis' argument can be '-1' (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72", - "cve": "CVE-2022-21726", - "id": "pyup.io-56795", - "more_info_path": "/vulnerabilities/CVE-2022-21726/56795", + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23567: The implementations of 'Sparse*Cwise*' ops are vulnerable to integer overflows. These can be used to trigger large allocations (so, OOM based denial of service) or 'CHECK'-fails when building new 'TensorShape' objects (so, assert failures based denial of service). There are missing some validation on the shapes of the input tensors as well as directly constructing a large 'TensorShape' with user-provided dimensions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrx2-r989-2c43", + "cve": "CVE-2022-23567", + "id": "pyup.io-56767", + "more_info_path": "/vulnerabilities/CVE-2022-23567/56767", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -47232,10 +48110,23 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23561: An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq", - "cve": "CVE-2022-23561", - "id": "pyup.io-56796", - "more_info_path": "/vulnerabilities/CVE-2022-23561/56796", + "advisory": "Intel-tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23586", + "id": "pyup.io-56771", + "more_info_path": "/vulnerabilities/CVE-2022-23586/56771", + "specs": [ + "<2.5.3", + ">=2.6.0a0,<2.6.3", + ">=2.7.0a0,<2.7.1", + ">=2.8.0a0,<2.8.0" + ], + "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" + }, + { + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23560: An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hvf-hxvg-f67v", + "cve": "CVE-2022-23560", + "id": "pyup.io-56776", + "more_info_path": "/vulnerabilities/CVE-2022-23560/56776", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -47258,10 +48149,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3 and 2.7.1 include a fix for CVE-2021-41206: In affected versions, several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or 'CHECK'-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible. These issues were discovered internally via tooling while working on improving/testing GPU op determinism. As such, there aren't reproducers and there will be multiple fixes for these issues.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-43q8-3fv7-pr5x", - "cve": "CVE-2021-41206", - "id": "pyup.io-56743", - "more_info_path": "/vulnerabilities/CVE-2021-41206/56743", + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3 and 2.7.1 include a fix for CVE-2021-41208: In affected versions, the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing 'nullptr's or via 'CHECK'-failures) as well as abuse undefined behavior (binding references to 'nullptr's). An attacker can also read and write from heap buffers, depending on the API that gets used and the arguments that are passed to the call. Given that the boosted trees implementation in TensorFlow is unmaintained, it is recommend to no longer use these APIs. 
TensorFlow's boosted trees APIs will be deprecated in subsequent releases.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-57wx-m983-2f88\nhttps://github.com/tensorflow/tensorflow/commit/5c8c9a8bfe750f9743d0c859bae112060b216f5c\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6gw-r52c-724r", + "cve": "CVE-2021-41208", + "id": "pyup.io-56744", + "more_info_path": "/vulnerabilities/CVE-2021-41208/56744", "specs": [ "<2.5.3", ">=2.6.0rc0,<2.6.3", 
@@ -47270,10 +48161,10 @@ "v": "<2.5.3,>=2.6.0rc0,<2.6.3,>=2.7.0rc0,<2.7.1" }, { - "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3 and 2.7.1 include a fix for CVE-2021-41208: In affected versions, the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing 'nullptr's or via 'CHECK'-failures) as well as abuse undefined behavior (binding references to 'nullptr's). An attacker can also read and write from heap buffers, depending on the API that gets used and the arguments that are passed to the call. Given that the boosted trees implementation in TensorFlow is unmaintained, it is recommend to no longer use these APIs. TensorFlow's boosted trees APIs will be deprecated in subsequent releases.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-57wx-m983-2f88\nhttps://github.com/tensorflow/tensorflow/commit/5c8c9a8bfe750f9743d0c859bae112060b216f5c\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6gw-r52c-724r", - "cve": "CVE-2021-41208", - "id": "pyup.io-56744", - "more_info_path": "/vulnerabilities/CVE-2021-41208/56744", + "advisory": "Intel-tensorflow versions 2.5.3, 2.6.3 and 2.7.1 include a fix for CVE-2021-41206: In affected versions, several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or 'CHECK'-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible. These issues were discovered internally via tooling while working on improving/testing GPU op determinism. 
As such, there aren't reproducers and there will be multiple fixes for these issues.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pgcq-h79j-2f69\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-43q8-3fv7-pr5x", + "cve": "CVE-2021-41206", + "id": "pyup.io-56743", + "more_info_path": "/vulnerabilities/CVE-2021-41206/56743", "specs": [ "<2.5.3", ">=2.6.0rc0,<2.6.3", @@ -47307,19 +48198,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29193: missing validation which causes 'TensorSummaryV2' to crash.", - "cve": "CVE-2022-29193", - "id": "pyup.io-56706", - "more_info_path": "/vulnerabilities/CVE-2022-29193/56706", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27776.", "cve": "CVE-2022-27776", @@ -47333,19 +48211,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29200: Missing validation which causes denial of service via 'LSTMBlockCell'.", - "cve": "CVE-2022-29200", - "id": "pyup.io-56708", - "more_info_path": "/vulnerabilities/CVE-2022-29200/56708", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29198: Missing validation which causes denial of service via 'SparseTensorToCSRSparseMatrix'.", "cve": "CVE-2022-29198", 
@@ -47359,19 +48224,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29196: Missing validation which causes denial of service via 'Conv3DBackpropFilterV2'.", - "cve": "CVE-2022-29196", - "id": "pyup.io-56710", - "more_info_path": "/vulnerabilities/CVE-2022-29196/56710", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29207: Issues arising from undefined behavior stemming from users supplying invalid resource handles.", "cve": "CVE-2022-29207", @@ -47385,19 +48237,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29197: Missing validation which causes denial of service via 'UnsortedSegmentJoin'.", - "cve": "CVE-2022-29197", - "id": "pyup.io-56712", - "more_info_path": "/vulnerabilities/CVE-2022-29197/56712", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29195: Missing validation which causes denial of service via 'StagePeek'.", "cve": "CVE-2022-29195", 
@@ -47411,19 +48250,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29208: Segfault and OOB write due to incomplete validation in 'EditDistance'.", - "cve": "CVE-2022-29208", - "id": "pyup.io-56713", - "more_info_path": "/vulnerabilities/CVE-2022-29208/56713", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29194: Missing validation which causes denial of service via 'DeleteSessionTensor'.", "cve": "CVE-2022-29194", @@ -47450,19 +48276,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29201: Missing validation which results in undefined behavior in 'QuantizedConv2D'.", - "cve": "CVE-2022-29201", - "id": "pyup.io-56725", - "more_info_path": "/vulnerabilities/CVE-2022-29201/56725", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29206: Missing validation which results in undefined behavior in 'SparseTensorDenseAdd'.", "cve": "CVE-2022-29206", 
@@ -47529,10 +48342,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29213: Crashes stemming from incomplete validation in signal ops.", - "cve": "CVE-2022-29213", - "id": "pyup.io-56733", - "more_info_path": "/vulnerabilities/CVE-2022-29213/56733", + "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-22576.", + "cve": "CVE-2022-22576", + "id": "pyup.io-56734", + "more_info_path": "/vulnerabilities/CVE-2022-22576/56734", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -47555,10 +48368,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-22576.", - "cve": "CVE-2022-22576", - "id": "pyup.io-56734", - "more_info_path": "/vulnerabilities/CVE-2022-22576/56734", + "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29209: Type confusion leading to 'CHECK'-failure based denial of service.", + "cve": "CVE-2022-29209", + "id": "pyup.io-56735", + "more_info_path": "/vulnerabilities/CVE-2022-29209/56735", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -47568,10 +48381,49 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29209: Type confusion leading to 'CHECK'-failure based denial of service.", - "cve": "CVE-2022-29209", - "id": "pyup.io-56735", - "more_info_path": "/vulnerabilities/CVE-2022-29209/56735", + "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29212: Core dump when loading TFLite models with quantization.", + "cve": "CVE-2022-29212", + "id": "pyup.io-56738", + "more_info_path": "/vulnerabilities/CVE-2022-29212/56738", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29193: missing validation which causes 'TensorSummaryV2' to crash.", + "cve": "CVE-2022-29193", + "id": "pyup.io-56706", + "more_info_path": "/vulnerabilities/CVE-2022-29193/56706", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29197: Missing validation which causes denial of service via 'UnsortedSegmentJoin'.", + "cve": "CVE-2022-29197", + "id": "pyup.io-56712", + "more_info_path": "/vulnerabilities/CVE-2022-29197/56712", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29208: Segfault and OOB write due to incomplete validation in 'EditDistance'.", + "cve": "CVE-2022-29208", + "id": "pyup.io-56713", 
+ "more_info_path": "/vulnerabilities/CVE-2022-29208/56713", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -47607,10 +48459,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29212: Core dump when loading TFLite models with quantization.", - "cve": "CVE-2022-29212", - "id": "pyup.io-56738", - "more_info_path": "/vulnerabilities/CVE-2022-29212/56738", + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29201: Missing validation which results in undefined behavior in 'QuantizedConv2D'.", + "cve": "CVE-2022-29201", + "id": "pyup.io-56725", + "more_info_path": "/vulnerabilities/CVE-2022-29201/56725", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -47620,10 +48472,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2021-41197: Affected versions allow tensors to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an 'int64_t'. If an overflow occurs, 'MultiplyWithoutOverflow' would return a negative result. In the majority of TensorFlow codebase this then results in a 'CHECK'-failure. Newer constructs exist which return a 'Status' instead of crashing the binary. This is similar to CVE-2021-29584.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wcv5-vrvr-3rx2\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mw6j-hh29-h379", - "cve": "CVE-2021-41197", - "id": "pyup.io-56716", - "more_info_path": "/vulnerabilities/CVE-2021-41197/56716", + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29202: Denial of service in 'tf.ragged.constant' due to lack of validation.", + "cve": "CVE-2022-29202", + "id": "pyup.io-56724", + "more_info_path": "/vulnerabilities/CVE-2022-29202/56724", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -47633,10 +48485,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27774.", - "cve": "CVE-2022-27774", - "id": "pyup.io-56717", - "more_info_path": "/vulnerabilities/CVE-2022-27774/56717", + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29196: Missing validation which causes denial of service via 'Conv3DBackpropFilterV2'.", + "cve": "CVE-2022-29196", + "id": "pyup.io-56710", + "more_info_path": "/vulnerabilities/CVE-2022-29196/56710", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -47646,10 +48498,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27778.", - "cve": "CVE-2022-27778", - "id": "pyup.io-56718", - "more_info_path": "/vulnerabilities/CVE-2022-27778/56718", + "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27774.", + "cve": "CVE-2022-27774", + "id": "pyup.io-56717", + "more_info_path": "/vulnerabilities/CVE-2022-27774/56717", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -47659,10 +48511,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27779.", - "cve": "CVE-2022-27779", - "id": "pyup.io-56719", - "more_info_path": "/vulnerabilities/CVE-2022-27779/56719", + "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27778.", + "cve": "CVE-2022-27778", + "id": "pyup.io-56718", + "more_info_path": "/vulnerabilities/CVE-2022-27778/56718", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -47724,10 +48576,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29202: Denial of service in 'tf.ragged.constant' due to lack of validation.", - "cve": "CVE-2022-29202", - "id": "pyup.io-56724", - "more_info_path": "/vulnerabilities/CVE-2022-29202/56724", + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29213: Crashes stemming from incomplete validation in signal ops.", + "cve": "CVE-2022-29213", + "id": "pyup.io-56733", + "more_info_path": "/vulnerabilities/CVE-2022-29213/56733", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -47737,10 +48589,49 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35940: Int overflow in 'RaggedRangeOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x", - "cve": "CVE-2022-35940", - "id": "pyup.io-56693", - "more_info_path": "/vulnerabilities/CVE-2022-35940/56693", + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29200: Missing validation which causes denial of service via 'LSTMBlockCell'.", + "cve": "CVE-2022-29200", + "id": "pyup.io-56708", + "more_info_path": "/vulnerabilities/CVE-2022-29200/56708", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27779.", + "cve": "CVE-2022-27779", + "id": "pyup.io-56719", + "more_info_path": "/vulnerabilities/CVE-2022-27779/56719", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Intel-tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2021-41197: Affected versions allow tensors to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an 'int64_t'. If an overflow occurs, 'MultiplyWithoutOverflow' would return a negative result. In the majority of TensorFlow codebase this then results in a 'CHECK'-failure. Newer constructs exist which return a 'Status' instead of crashing the binary. 
This is similar to CVE-2021-29584.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-prcg-wp5q-rv7p\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wcv5-vrvr-3rx2\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mw6j-hh29-h379", + "cve": "CVE-2021-41197", + "id": "pyup.io-56716", + "more_info_path": "/vulnerabilities/CVE-2021-41197/56716", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35963: 'CHECK' failures in 'FractionalAvgPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm", + "cve": "CVE-2022-35963", + "id": "pyup.io-56695", + "more_info_path": "/vulnerabilities/CVE-2022-35963/56695", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -47749,10 +48640,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36001: 'CHECK' fail in 'DrawBoundingBoxes'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5", - "cve": "CVE-2022-36001", - "id": "pyup.io-56694", - "more_info_path": "/vulnerabilities/CVE-2022-36001/56694", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35971: 'CHECK' fail in 'FakeQuantWithMinMaxVars'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7", + "cve": "CVE-2022-35971", + "id": "pyup.io-56698", + "more_info_path": "/vulnerabilities/CVE-2022-35971/56698", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -47761,10 +48652,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35963: 'CHECK' failures in 'FractionalAvgPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-84jm-4cf3-9jfm", - "cve": "CVE-2022-35963", - "id": "pyup.io-56695", - "more_info_path": "/vulnerabilities/CVE-2022-35963/56695", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36004: 'CHECK' fail in 'tf.random.gamma'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q", + "cve": "CVE-2022-36004", + "id": "pyup.io-56699", + "more_info_path": "/vulnerabilities/CVE-2022-36004/56699", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -47773,10 +48664,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35999: 'CHECK' fail in 'Conv2DBackpropInput'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw", - "cve": "CVE-2022-35999", - "id": "pyup.io-56696", - "more_info_path": "/vulnerabilities/CVE-2022-35999/56696", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36018: 'CHECK' fail in 'RaggedTensorToVariant'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf", + "cve": "CVE-2022-36018", + "id": "pyup.io-56700", + "more_info_path": "/vulnerabilities/CVE-2022-36018/56700", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -47785,10 +48676,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35995: 'CHECK' fail in 'AudioSummaryV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4", - "cve": "CVE-2022-35995", - "id": "pyup.io-56697", - "more_info_path": "/vulnerabilities/CVE-2022-35995/56697", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35989: 'CHECK' fail in 'MaxPool'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j43h-pgmg-5hjq", + "cve": "CVE-2022-35989", + "id": "pyup.io-56701", + "more_info_path": "/vulnerabilities/CVE-2022-35989/56701", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -47797,10 +48688,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35971: 'CHECK' fail in 'FakeQuantWithMinMaxVars'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9fpg-838v-wpv7", - "cve": "CVE-2022-35971", - "id": "pyup.io-56698", - "more_info_path": "/vulnerabilities/CVE-2022-35971/56698", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35960: 'CHECK' failure in 'TensorListReserve' via missing validation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4", + "cve": "CVE-2022-35960", + "id": "pyup.io-56650", + "more_info_path": "/vulnerabilities/CVE-2022-35960/56650", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -47809,10 +48700,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36004: 'CHECK' fail in 'tf.random.gamma'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q", - "cve": "CVE-2022-36004", - "id": "pyup.io-56699", - "more_info_path": "/vulnerabilities/CVE-2022-36004/56699", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36017: Segfault in 'Requantize'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wqmc-pm8c-2jhc", + "cve": "CVE-2022-36017", + "id": "pyup.io-56652", + "more_info_path": "/vulnerabilities/CVE-2022-36017/56652", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -47821,10 +48712,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36018: 'CHECK' fail in 'RaggedTensorToVariant'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf", - "cve": "CVE-2022-36018", - "id": "pyup.io-56700", - "more_info_path": "/vulnerabilities/CVE-2022-36018/56700", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35979: Segfault in 'QuantizedRelu' and 'QuantizedRelu6'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v7vw-577f-vp8x", + "cve": "CVE-2022-35979", + "id": "pyup.io-56651", + "more_info_path": "/vulnerabilities/CVE-2022-35979/56651", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -47833,10 +48724,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35989: 'CHECK' fail in 'MaxPool'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j43h-pgmg-5hjq", - "cve": "CVE-2022-35989", - "id": "pyup.io-56701", - "more_info_path": "/vulnerabilities/CVE-2022-35989/56701", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36003: 'CHECK' fail in 'RandomPoissonV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cv2p-32v3-vhwq", + "cve": "CVE-2022-36003", + "id": "pyup.io-56654", + "more_info_path": "/vulnerabilities/CVE-2022-36003/56654", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -47845,10 +48736,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36005: 'CHECK' fail in 'FakeQuantWithMinMaxVarsGradient'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm", - "cve": "CVE-2022-36005", - "id": "pyup.io-56702", - "more_info_path": "/vulnerabilities/CVE-2022-36005/56702", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35985: 'CHECK' fail in 'LRNGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9942-r22v-78cp", + "cve": "CVE-2022-35985", + "id": "pyup.io-56655", + "more_info_path": "/vulnerabilities/CVE-2022-35985/56655", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -47857,10 +48748,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35952: 'CHECK' failures in 'UnbatchGradOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47", - "cve": "CVE-2022-35952", - "id": "pyup.io-56649", - "more_info_path": "/vulnerabilities/CVE-2022-35952/56649", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35969: 'CHECK' fail in 'Conv2DBackpropInput'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q2c3-jpmc-gfjx", + "cve": "CVE-2022-35969", + "id": "pyup.io-56656", + "more_info_path": "/vulnerabilities/CVE-2022-35969/56656", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -47869,10 +48760,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35960: 'CHECK' failure in 'TensorListReserve' via missing validation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4", - "cve": "CVE-2022-35960", - "id": "pyup.io-56650", - "more_info_path": "/vulnerabilities/CVE-2022-35960/56650", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36012: Assertion fail on MLIR empty edge names.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5", + "cve": "CVE-2022-36012", + "id": "pyup.io-56659", + "more_info_path": "/vulnerabilities/CVE-2022-36012/56659", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -47881,10 +48772,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35979: Segfault in 'QuantizedRelu' and 'QuantizedRelu6'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v7vw-577f-vp8x", - "cve": "CVE-2022-35979", - "id": "pyup.io-56651", - "more_info_path": "/vulnerabilities/CVE-2022-35979/56651", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35996: Floating point exception in 'Conv2D'. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37", + "cve": "CVE-2022-35996", + "id": "pyup.io-56662", + "more_info_path": "/vulnerabilities/CVE-2022-35996/56662", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -47893,10 +48784,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36017: Segfault in 'Requantize'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wqmc-pm8c-2jhc", - "cve": "CVE-2022-36017", - "id": "pyup.io-56652", - "more_info_path": "/vulnerabilities/CVE-2022-36017/56652", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35990: 'CHECK' fail in 'FakeQuantWithMinMaxVarsPerChannelGradient'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h7ff-cfc9-wmmh", + "cve": "CVE-2022-35990", + "id": "pyup.io-56663", + "more_info_path": "/vulnerabilities/CVE-2022-35990/56663", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -47905,10 +48796,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36015: Integer overflow in math ops. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j", - "cve": "CVE-2022-36015", - "id": "pyup.io-56653", - "more_info_path": "/vulnerabilities/CVE-2022-36015/56653", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35959: 'CHECK' failures in 'AvgPool3DGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq", + "cve": "CVE-2022-35959", + "id": "pyup.io-56664", + "more_info_path": "/vulnerabilities/CVE-2022-35959/56664", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -47917,10 +48808,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36003: 'CHECK' fail in 'RandomPoissonV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cv2p-32v3-vhwq", - "cve": "CVE-2022-36003", - "id": "pyup.io-56654", - "more_info_path": "/vulnerabilities/CVE-2022-36003/56654", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35964: Segfault in 'BlockLSTMGradV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668", + "cve": "CVE-2022-35964", + "id": "pyup.io-56665", + "more_info_path": "/vulnerabilities/CVE-2022-35964/56665", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -47929,10 +48820,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35985: 'CHECK' fail in 'LRNGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9942-r22v-78cp", - "cve": "CVE-2022-35985", - "id": "pyup.io-56655", - "more_info_path": "/vulnerabilities/CVE-2022-35985/56655", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35998: 'CHECK' fail in 'EmptyTensorList'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhw4-wwr7-gjc5", + "cve": "CVE-2022-35998", + "id": "pyup.io-56667", + "more_info_path": "/vulnerabilities/CVE-2022-35998/56667", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -47941,10 +48832,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35969: 'CHECK' fail in 'Conv2DBackpropInput'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q2c3-jpmc-gfjx", - "cve": "CVE-2022-35969", - "id": "pyup.io-56656", - "more_info_path": "/vulnerabilities/CVE-2022-35969/56656", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35940: Int overflow in 'RaggedRangeOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x", + "cve": "CVE-2022-35940", + "id": "pyup.io-56693", + "more_info_path": "/vulnerabilities/CVE-2022-35940/56693", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -47953,10 +48844,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35934: 'CHECK' failure in tf.reshape via overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4w6-h4f5-wx45", - "cve": "CVE-2022-35934", - "id": "pyup.io-56657", - "more_info_path": "/vulnerabilities/CVE-2022-35934/56657", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36001: 'CHECK' fail in 'DrawBoundingBoxes'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5", + "cve": "CVE-2022-36001", + "id": "pyup.io-56694", + "more_info_path": "/vulnerabilities/CVE-2022-36001/56694", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -47965,10 +48856,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36002: 'CHECK' fail in 'Unbatch'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg", - "cve": "CVE-2022-36002", - "id": "pyup.io-56658", - "more_info_path": "/vulnerabilities/CVE-2022-36002/56658", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35999: 'CHECK' fail in 'Conv2DBackpropInput'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-37jf-mjv6-xfqw", + "cve": "CVE-2022-35999", + "id": "pyup.io-56696", + "more_info_path": "/vulnerabilities/CVE-2022-35999/56696", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -47977,10 +48868,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36012: Assertion fail on MLIR empty edge names.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jvhc-5hhr-w3v5", - "cve": "CVE-2022-36012", - "id": "pyup.io-56659", - "more_info_path": "/vulnerabilities/CVE-2022-36012/56659", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35995: 'CHECK' fail in 'AudioSummaryV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9h5-vr8m-x2h4", + "cve": "CVE-2022-35995", + "id": "pyup.io-56697", + "more_info_path": "/vulnerabilities/CVE-2022-35995/56697", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -47989,10 +48880,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35983: 'CHECK' fail in 'Save' and 'SaveSlices'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6vp-8q9j-whx4", - "cve": "CVE-2022-35983", - "id": "pyup.io-56660", - "more_info_path": "/vulnerabilities/CVE-2022-35983/56660", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36005: 'CHECK' fail in 'FakeQuantWithMinMaxVarsGradient'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm", + "cve": "CVE-2022-36005", + "id": "pyup.io-56702", + "more_info_path": "/vulnerabilities/CVE-2022-36005/56702", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -48001,10 +48892,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35984: 'CHECK' fail in 'ParameterizedTruncatedNormal'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2xf-8hgm-hpw5", - "cve": "CVE-2022-35984", - "id": "pyup.io-56661", - "more_info_path": "/vulnerabilities/CVE-2022-35984/56661", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35952: 'CHECK' failures in 'UnbatchGradOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47", + "cve": "CVE-2022-35952", + "id": "pyup.io-56649", + "more_info_path": "/vulnerabilities/CVE-2022-35952/56649", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -48013,10 +48904,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35996: Floating point exception in 'Conv2D'. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37", - "cve": "CVE-2022-35996", - "id": "pyup.io-56662", - "more_info_path": "/vulnerabilities/CVE-2022-35996/56662", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36015: Integer overflow in math ops. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j", + "cve": "CVE-2022-36015", + "id": "pyup.io-56653", + "more_info_path": "/vulnerabilities/CVE-2022-36015/56653", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -48025,10 +48916,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35990: 'CHECK' fail in 'FakeQuantWithMinMaxVarsPerChannelGradient'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h7ff-cfc9-wmmh", - "cve": "CVE-2022-35990", - "id": "pyup.io-56663", - "more_info_path": "/vulnerabilities/CVE-2022-35990/56663", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35934: 'CHECK' failure in tf.reshape via overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4w6-h4f5-wx45", + "cve": "CVE-2022-35934", + "id": "pyup.io-56657", + "more_info_path": "/vulnerabilities/CVE-2022-35934/56657", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -48037,10 +48928,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35959: 'CHECK' failures in 'AvgPool3DGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq", - "cve": "CVE-2022-35959", - "id": "pyup.io-56664", - "more_info_path": "/vulnerabilities/CVE-2022-35959/56664", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36002: 'CHECK' fail in 'Unbatch'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg", + "cve": "CVE-2022-36002", + "id": "pyup.io-56658", + "more_info_path": "/vulnerabilities/CVE-2022-36002/56658", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -48049,10 +48940,34 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35964: Segfault in 'BlockLSTMGradV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668", - "cve": "CVE-2022-35964", - "id": "pyup.io-56665", - "more_info_path": "/vulnerabilities/CVE-2022-35964/56665", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35983: 'CHECK' fail in 'Save' and 'SaveSlices'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6vp-8q9j-whx4", + "cve": "CVE-2022-35983", + "id": "pyup.io-56660", + "more_info_path": "/vulnerabilities/CVE-2022-35983/56660", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35984: 'CHECK' fail in 'ParameterizedTruncatedNormal'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2xf-8hgm-hpw5", + "cve": "CVE-2022-35984", + "id": "pyup.io-56661", + "more_info_path": "/vulnerabilities/CVE-2022-35984/56661", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36011: Null dereference on MLIR on empty function attributes.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv43-93gv-vm8f", + "cve": "CVE-2022-36011", + "id": "pyup.io-56678", + "more_info_path": "/vulnerabilities/CVE-2022-36011/56678", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -48073,10 +48988,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35998: 'CHECK' fail in 'EmptyTensorList'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhw4-wwr7-gjc5", - "cve": "CVE-2022-35998", - "id": "pyup.io-56667", - "more_info_path": "/vulnerabilities/CVE-2022-35998/56667", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35992: 'CHECK' fail in 'TensorListFromTensor'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9v8w-xmr4-wgxp", + "cve": "CVE-2022-35992", + "id": "pyup.io-56671", + "more_info_path": "/vulnerabilities/CVE-2022-35992/56671", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -48085,10 +49000,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35981: 'CHECK' fail in 'FractionalMaxPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw", - "cve": "CVE-2022-35981", - "id": "pyup.io-56669", - "more_info_path": "/vulnerabilities/CVE-2022-35981/56669", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36027: Segfault TFLite converter on per-channel quantized transposed convolutions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr", + "cve": "CVE-2022-36027", + "id": "pyup.io-56679", + "more_info_path": "/vulnerabilities/CVE-2022-36027/56679", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -48097,10 +49012,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36000: 'CHECK' fail in 'Eig'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqxc-pvf8-2w9v", - "cve": "CVE-2022-36000", - "id": "pyup.io-56670", - "more_info_path": "/vulnerabilities/CVE-2022-36000/56670", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35982: Segfault in 'SparseBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-397c-5g2j-qxpv", + "cve": "CVE-2022-35982", + "id": "pyup.io-56680", + "more_info_path": "/vulnerabilities/CVE-2022-35982/56680", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -48109,10 +49024,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35992: 'CHECK' fail in 'TensorListFromTensor'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9v8w-xmr4-wgxp", - "cve": "CVE-2022-35992", - "id": "pyup.io-56671", - "more_info_path": "/vulnerabilities/CVE-2022-35992/56671", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35972: Segfault in 'QuantizedBiasAdd'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4pc4-m9mj-v2r9", + "cve": "CVE-2022-35972", + "id": "pyup.io-56681", + "more_info_path": "/vulnerabilities/CVE-2022-35972/56681", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -48121,10 +49036,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35986: Segfault in 'RaggedBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wr9v-g9vf-c74v", - "cve": "CVE-2022-35986", - "id": "pyup.io-56672", - "more_info_path": "/vulnerabilities/CVE-2022-35986/56672", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35965: Segfault in 'LowerBound' and 'UpperBound'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36", + "cve": "CVE-2022-35965", + "id": "pyup.io-56687", + "more_info_path": "/vulnerabilities/CVE-2022-35965/56687", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -48133,10 +49048,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35974: Segfault in 'QuantizeDownAndShrinkRange'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x", - "cve": "CVE-2022-35974", - "id": "pyup.io-56673", - "more_info_path": "/vulnerabilities/CVE-2022-35974/56673", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35994: 'CHECK' fail in 'CollectiveGather'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fhfc-2q7x-929f", + "cve": "CVE-2022-35994", + "id": "pyup.io-56692", + "more_info_path": "/vulnerabilities/CVE-2022-35994/56692", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -48145,10 +49060,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35973: Segfault in 'QuantizedMatMul'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v", - "cve": "CVE-2022-35973", - "id": "pyup.io-56674", - "more_info_path": "/vulnerabilities/CVE-2022-35973/56674", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36013: Null-dereference in 'mlir::tfg::GraphDefImporter::ConvertNodeDef'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq", + "cve": "CVE-2022-36013", + "id": "pyup.io-56668", + "more_info_path": "/vulnerabilities/CVE-2022-36013/56668", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -48157,10 +49072,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35987: 'CHECK' fail in 'DenseBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49", - "cve": "CVE-2022-35987", - "id": "pyup.io-56675", - "more_info_path": "/vulnerabilities/CVE-2022-35987/56675", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35981: 'CHECK' fail in 'FractionalMaxPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vxv8-r8q2-63xw", + "cve": "CVE-2022-35981", + "id": "pyup.io-56669", + "more_info_path": "/vulnerabilities/CVE-2022-35981/56669", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -48169,10 +49084,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36026: 'CHECK' fail in 'QuantizeAndDequantizeV3'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq", - "cve": "CVE-2022-36026", - "id": "pyup.io-56676", - "more_info_path": "/vulnerabilities/CVE-2022-36026/56676", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36000: 'CHECK' fail in 'Eig'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqxc-pvf8-2w9v", + "cve": "CVE-2022-36000", + "id": "pyup.io-56670", + "more_info_path": "/vulnerabilities/CVE-2022-36000/56670", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -48181,10 +49096,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35966: Segfault in 'QuantizedAvgPool'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4w68-4x85-mjj9", - "cve": "CVE-2022-35966", - "id": "pyup.io-56677", - "more_info_path": "/vulnerabilities/CVE-2022-35966/56677", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35986: Segfault in 'RaggedBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wr9v-g9vf-c74v", + "cve": "CVE-2022-35986", + "id": "pyup.io-56672", + "more_info_path": "/vulnerabilities/CVE-2022-35986/56672", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -48193,10 +49108,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36011: Null dereference on MLIR on empty function attributes.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fv43-93gv-vm8f", - "cve": "CVE-2022-36011", - "id": "pyup.io-56678", - "more_info_path": "/vulnerabilities/CVE-2022-36011/56678", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35974: Segfault in 'QuantizeDownAndShrinkRange'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x", + "cve": "CVE-2022-35974", + "id": "pyup.io-56673", + "more_info_path": "/vulnerabilities/CVE-2022-35974/56673", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -48205,10 +49120,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36027: Segfault TFLite converter on per-channel quantized transposed convolutions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr", - "cve": "CVE-2022-36027", - "id": "pyup.io-56679", - "more_info_path": "/vulnerabilities/CVE-2022-36027/56679", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35973: Segfault in 'QuantizedMatMul'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v", + "cve": "CVE-2022-35973", + "id": "pyup.io-56674", + "more_info_path": "/vulnerabilities/CVE-2022-35973/56674", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -48217,10 +49132,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35982: Segfault in 'SparseBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-397c-5g2j-qxpv", - "cve": "CVE-2022-35982", - "id": "pyup.io-56680", - "more_info_path": "/vulnerabilities/CVE-2022-35982/56680", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35987: 'CHECK' fail in 'DenseBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49", + "cve": "CVE-2022-35987", + "id": "pyup.io-56675", + "more_info_path": "/vulnerabilities/CVE-2022-35987/56675", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", @@ -48229,10 +49144,22 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35972: Segfault in 'QuantizedBiasAdd'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4pc4-m9mj-v2r9", - "cve": "CVE-2022-35972", - "id": "pyup.io-56681", - "more_info_path": "/vulnerabilities/CVE-2022-35972/56681", + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36026: 'CHECK' fail in 'QuantizeAndDequantizeV3'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9cr2-8pwr-fhfq", + "cve": "CVE-2022-36026", + "id": "pyup.io-56676", + "more_info_path": "/vulnerabilities/CVE-2022-36026/56676", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35966: Segfault in 'QuantizedAvgPool'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4w68-4x85-mjj9", + "cve": "CVE-2022-35966", + "id": "pyup.io-56677", + "more_info_path": "/vulnerabilities/CVE-2022-35966/56677", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -48300,18 +49227,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35965: Segfault in 'LowerBound' and 'UpperBound'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36", - "cve": "CVE-2022-35965", - "id": "pyup.io-56687", - "more_info_path": "/vulnerabilities/CVE-2022-35965/56687", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36019: 'CHECK' fail in 'FakeQuantWithMinMaxVarsPerChannel'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9j4v-pp28-mxv7", "cve": "CVE-2022-36019", @@ -48360,18 +49275,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35994: 'CHECK' fail in 'CollectiveGather'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fhfc-2q7x-929f", - "cve": "CVE-2022-35994", - "id": "pyup.io-56692", - "more_info_path": "/vulnerabilities/CVE-2022-35994/56692", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35937: OOB read in 'Gather_nd' op in TF Lite.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h", "cve": "CVE-2022-35937", 
@@ -48397,34 +49300,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36013: Null-dereference in 'mlir::tfg::GraphDefImporter::ConvertNodeDef'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-828c-5j5q-vrjq", - "cve": "CVE-2022-36013", - "id": "pyup.io-56668", - "more_info_path": "/vulnerabilities/CVE-2022-36013/56668", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, - { - "advisory": "TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. 
We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.", - "cve": "CVE-2022-41902", - "id": "pyup.io-56636", - "more_info_path": "/vulnerabilities/CVE-2022-41902/56636", - "specs": [ - "<2.8.4", - ">=2.9.0rc0,<2.9.3", - ">=2.10.0rc0,<2.10.1" - ], - "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" - }, - { - "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41901: An input 'sparse_matrix' that is not a matrix with a shape with rank 0 will trigger a 'CHECK' fail in 'tf.raw_ops.SparseMatrixNNZ'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f", - "cve": "CVE-2022-41901", - "id": "pyup.io-56622", - "more_info_path": "/vulnerabilities/CVE-2022-41901/56622", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41898: If 'SparseFillEmptyRowsGrad' is given empty inputs, TensorFlow will crash.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h", + "cve": "CVE-2022-41898", + "id": "pyup.io-56643", + "more_info_path": "/vulnerabilities/CVE-2022-41898/56643", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -48433,10 +49312,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41895: If 'MirrorPadGrad' is given outsize input 'paddings', TensorFlow will give a heap OOB error.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx", - "cve": "CVE-2022-41895", - "id": "pyup.io-56623", - "more_info_path": "/vulnerabilities/CVE-2022-41895/56623", + "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41907: When 'tf.raw_ops.ResizeNearestNeighborGrad' is given a large 'size' input, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx", + "cve": "CVE-2022-41907", + "id": "pyup.io-56635", + "more_info_path": "/vulnerabilities/CVE-2022-41907/56635", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", @@ -48445,10 +49324,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41891: If 'tf.raw_ops.TensorListConcat' is given 'element_shape=[]', it results segmentation fault which can be used to trigger a denial of service attack.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv", - "cve": "CVE-2022-41891", - "id": "pyup.io-56624", - "more_info_path": "/vulnerabilities/CVE-2022-41891/56624", + "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41900: The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472", + "cve": "CVE-2022-41900", + "id": "pyup.io-56632", + "more_info_path": "/vulnerabilities/CVE-2022-41900/56632", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -48457,10 +49336,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41911: When printing a tensor, we get it's data as a 'const char*' array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from 'char' to 'bool' are undefined if the 'char' is not '0' or '1', so sanitizers/fuzzers will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j", - "cve": "CVE-2022-41911", - "id": "pyup.io-56625", - "more_info_path": "/vulnerabilities/CVE-2022-41911/56625", + "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41884: If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636", + "cve": "CVE-2022-41884", + "id": "pyup.io-56638", + "more_info_path": "/vulnerabilities/CVE-2022-41884/56638", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -48469,10 +49348,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41889: If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a 'nullptr', which is not caught. An example can be seen in 'tf.compat.v1.extract_volume_patches' by passing in quantized tensors as input 'ksizes'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g", - "cve": "CVE-2022-41889", - "id": "pyup.io-56626", - "more_info_path": "/vulnerabilities/CVE-2022-41889/56626", + "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41910: The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv", + "cve": "CVE-2022-41910", + "id": "pyup.io-56641", + "more_info_path": "/vulnerabilities/CVE-2022-41910/56641", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -48481,10 +49360,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41885: When 'tf.raw_ops.FusedResizeAndPadConv2D' is given a large tensor shape, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx", - "cve": "CVE-2022-41885", - "id": "pyup.io-56627", - "more_info_path": "/vulnerabilities/CVE-2022-41885/56627", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41896: If 'ThreadUnsafeUnigramCandidateSampler' is given input 'filterbank_channel_count' greater than the allowed max size, TensorFlow will crash.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35", + "cve": "CVE-2022-41896", + "id": "pyup.io-56637", + "more_info_path": "/vulnerabilities/CVE-2022-41896/56637", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -48493,10 +49372,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41899: TensorFlow is an open source platform for machine learning. Inputs 'dense_features' or 'example_state_data' not of rank 2 will trigger a 'CHECK' fail in 'SdcaOptimizer'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2", - "cve": "CVE-2022-41899", - "id": "pyup.io-56628", - "more_info_path": "/vulnerabilities/CVE-2022-41899/56628", + "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41894: The reference kernel of the 'CONV_3D_TRANSPOSE' TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of 'data_ptr += num_channels;' it should be 'data_ptr += output_num_channels;' as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6q3-vv32-2cq5", + "cve": "CVE-2022-41894", + "id": "pyup.io-56644", + "more_info_path": "/vulnerabilities/CVE-2022-41894/56644", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -48505,10 +49384,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41893: If 'tf.raw_ops.TensorListResize' is given a nonscalar value for input 'size', it results 'CHECK' fail which can be used to trigger a denial of service attack.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m", - "cve": "CVE-2022-41893", - "id": "pyup.io-56629", - "more_info_path": "/vulnerabilities/CVE-2022-41893/56629", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41909: An input 'encoded' that is not a valid 'CompositeTensorVariant' tensor will trigger a segfault in 'tf.raw_ops.CompositeTensorVariantToComponents'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9", + "cve": "CVE-2022-41909", + "id": "pyup.io-56630", + "more_info_path": "/vulnerabilities/CVE-2022-41909/56630", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", @@ -48517,10 +49396,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41909: An input 'encoded' that is not a valid 'CompositeTensorVariant' tensor will trigger a segfault in 'tf.raw_ops.CompositeTensorVariantToComponents'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9", - "cve": "CVE-2022-41909", - "id": "pyup.io-56630", - "more_info_path": "/vulnerabilities/CVE-2022-41909/56630", + "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41895: If 'MirrorPadGrad' is given outsize input 'paddings', TensorFlow will give a heap OOB error.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx", + "cve": "CVE-2022-41895", + "id": "pyup.io-56623", + "more_info_path": "/vulnerabilities/CVE-2022-41895/56623", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -48529,10 +49408,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41908: TensorFlow is an open source platform for machine learning. An input 'token' that is not a UTF-8 bytestring will trigger a 'CHECK' fail in 'tf.raw_ops.PyFunc'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3", - "cve": "CVE-2022-41908", - "id": "pyup.io-56631", - "more_info_path": "/vulnerabilities/CVE-2022-41908/56631", + "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41911: When printing a tensor, we get it's data as a 'const char*' array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from 'char' to 'bool' are undefined if the 'char' is not '0' or '1', so sanitizers/fuzzers will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j", + "cve": "CVE-2022-41911", + "id": "pyup.io-56625", + "more_info_path": "/vulnerabilities/CVE-2022-41911/56625", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -48541,10 +49420,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41900: The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472", - "cve": "CVE-2022-41900", - "id": "pyup.io-56632", - "more_info_path": "/vulnerabilities/CVE-2022-41900/56632", + "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41889: If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a 'nullptr', which is not caught. An example can be seen in 'tf.compat.v1.extract_volume_patches' by passing in quantized tensors as input 'ksizes'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g", + "cve": "CVE-2022-41889", + "id": "pyup.io-56626", + "more_info_path": "/vulnerabilities/CVE-2022-41889/56626", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -48553,10 +49432,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41890: If 'BCast::ToShape' is given input larger than an 'int32', it will crash, despite being supposed to handle up to an 'int64'. An example can be seen in 'tf.experimental.numpy.outer' by passing in large input to the input 'b'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475", - "cve": "CVE-2022-41890", - "id": "pyup.io-56633", - "more_info_path": "/vulnerabilities/CVE-2022-41890/56633", + "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41885: When 'tf.raw_ops.FusedResizeAndPadConv2D' is given a large tensor shape, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx", + "cve": "CVE-2022-41885", + "id": "pyup.io-56627", + "more_info_path": "/vulnerabilities/CVE-2022-41885/56627", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", @@ -48565,10 +49444,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41880: When the 'BaseCandidateSamplerOp' function receives a value in 'true_classes' larger than 'range_max', a heap oob read occurs.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j", - "cve": "CVE-2022-41880", - "id": "pyup.io-56634", - "more_info_path": "/vulnerabilities/CVE-2022-41880/56634", + "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41893: If 'tf.raw_ops.TensorListResize' is given a nonscalar value for input 'size', it results 'CHECK' fail which can be used to trigger a denial of service attack.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m", + "cve": "CVE-2022-41893", + "id": "pyup.io-56629", + "more_info_path": "/vulnerabilities/CVE-2022-41893/56629", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -48577,10 +49456,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41907: When 'tf.raw_ops.ResizeNearestNeighborGrad' is given a large 'size' input, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-368v-7v32-52fx", - "cve": "CVE-2022-41907", - "id": "pyup.io-56635", - "more_info_path": "/vulnerabilities/CVE-2022-41907/56635", + "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41908: TensorFlow is an open source platform for machine learning. An input 'token' that is not a UTF-8 bytestring will trigger a 'CHECK' fail in 'tf.raw_ops.PyFunc'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3", + "cve": "CVE-2022-41908", + "id": "pyup.io-56631", + "more_info_path": "/vulnerabilities/CVE-2022-41908/56631", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -48589,10 +49468,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41896: If 'ThreadUnsafeUnigramCandidateSampler' is given input 'filterbank_channel_count' greater than the allowed max size, TensorFlow will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35", - "cve": "CVE-2022-41896", - "id": "pyup.io-56637", - "more_info_path": "/vulnerabilities/CVE-2022-41896/56637", + "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41890: If 'BCast::ToShape' is given input larger than an 'int32', it will crash, despite being supposed to handle up to an 'int64'. An example can be seen in 'tf.experimental.numpy.outer' by passing in large input to the input 'b'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475", + "cve": "CVE-2022-41890", + "id": "pyup.io-56633", + "more_info_path": "/vulnerabilities/CVE-2022-41890/56633", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -48601,10 +49480,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41884: If a numpy array is created with a shape such that one element is zero and the others sum to a large number, an error will be raised. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jq6x-99hj-q636", - "cve": "CVE-2022-41884", - "id": "pyup.io-56638", - "more_info_path": "/vulnerabilities/CVE-2022-41884/56638", + "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41880: When the 'BaseCandidateSamplerOp' function receives a value in 'true_classes' larger than 'range_max', a heap oob read occurs.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j", + "cve": "CVE-2022-41880", + "id": "pyup.io-56634", + "more_info_path": "/vulnerabilities/CVE-2022-41880/56634", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -48637,10 +49516,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41910: The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv", - "cve": "CVE-2022-41910", - "id": "pyup.io-56641", - "more_info_path": "/vulnerabilities/CVE-2022-41910/56641", + "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41888: When running on GPU, 'tf.image.generate_bounding_box_proposals' receives a 'scores' input that must be of rank 4 but is not checked.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v", + "cve": "CVE-2022-41888", + "id": "pyup.io-56642", + "more_info_path": "/vulnerabilities/CVE-2022-41888/56642", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -48649,10 +49528,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41888: When running on GPU, 'tf.image.generate_bounding_box_proposals' receives a 'scores' input that must be of rank 4 but is not checked.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v", - "cve": "CVE-2022-41888", - "id": "pyup.io-56642", - "more_info_path": "/vulnerabilities/CVE-2022-41888/56642", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41899: TensorFlow is an open source platform for machine learning. Inputs 'dense_features' or 'example_state_data' not of rank 2 will trigger a 'CHECK' fail in 'SdcaOptimizer'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2", + "cve": "CVE-2022-41899", + "id": "pyup.io-56628", + "more_info_path": "/vulnerabilities/CVE-2022-41899/56628", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -48661,10 +49540,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41898: If 'SparseFillEmptyRowsGrad' is given empty inputs, TensorFlow will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h", - "cve": "CVE-2022-41898", - "id": "pyup.io-56643", - "more_info_path": "/vulnerabilities/CVE-2022-41898/56643", + "advisory": "TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.", + "cve": "CVE-2022-41902", + "id": "pyup.io-56636", + "more_info_path": "/vulnerabilities/CVE-2022-41902/56636", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -48673,10 +49552,22 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41894: The reference kernel of the 'CONV_3D_TRANSPOSE' TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of 'data_ptr += num_channels;' it should be 'data_ptr += output_num_channels;' as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6q3-vv32-2cq5", - "cve": "CVE-2022-41894", - "id": "pyup.io-56644", - "more_info_path": "/vulnerabilities/CVE-2022-41894/56644", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41891: If 'tf.raw_ops.TensorListConcat' is given 'element_shape=[]', it results segmentation fault which can be used to trigger a denial of service attack.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv", + "cve": "CVE-2022-41891", + "id": "pyup.io-56624", + "more_info_path": "/vulnerabilities/CVE-2022-41891/56624", + "specs": [ + "<2.8.4", + ">=2.9.0rc0,<2.9.3", + ">=2.10.0rc0,<2.10.1" + ], + "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" + }, + { + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41901: An input 'sparse_matrix' that is not a matrix with a shape with rank 0 will trigger a 'CHECK' fail in 'tf.raw_ops.SparseMatrixNNZ'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f", + "cve": "CVE-2022-41901", + "id": "pyup.io-56622", + "more_info_path": 
"/vulnerabilities/CVE-2022-41901/56622", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -48847,17 +49738,6 @@ ], "v": ">=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, - { - "advisory": "Intel-tensorflow versions 2.2.1 and 2.3.1 includes a fix for CVE-2020-15212: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to \"segment_ids_data\" can alter \"output_index\" and then write to outside of \"output_data\" buffer. This might result in a segmentation fault but it can also be used to further corrupt the memory and can be chained with other vulnerabilities to create more advanced exploits. The issue was patched in commit 204945b19e44b57906c9344c0d00120eeeae178a. A potential workaround is to add a custom \"Verifier\" to the model loading code to ensure that the segment ids are all positive, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.", - "cve": "CVE-2020-15212", - "id": "pyup.io-57053", - "more_info_path": "/vulnerabilities/CVE-2020-15212/57053", - "specs": [ - ">=2.2.0rc0,<2.2.1", - ">=2.3.0rc0,<2.3.1" - ], - "v": ">=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" - }, { "advisory": "Intel-tensorflow versions 2.2.1 and 2.3.1 includes a fix for CVE-2020-15214: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the dimension of output tensor. This results in allocating insufficient memory for the output tensor and in a write outside the bounds of the output array. 
This usually results in a segmentation fault, but depending on runtime conditions it can provide for a write gadget to be used in future memory corruption-based exploits. The issue was patched in commit 204945b19e44b57906c9344c0d00120eeeae178a. A potential workaround is to add a custom \"Verifier\" to the model loading code to ensure that the segment ids are sorted, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.", "cve": "CVE-2020-15214", 
@@ -48880,6 +49760,17 @@ ], "v": ">=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, + { + "advisory": "Intel-tensorflow versions 2.2.1 and 2.3.1 includes a fix for CVE-2020-15212: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to \"segment_ids_data\" can alter \"output_index\" and then write to outside of \"output_data\" buffer. This might result in a segmentation fault but it can also be used to further corrupt the memory and can be chained with other vulnerabilities to create more advanced exploits. The issue was patched in commit 204945b19e44b57906c9344c0d00120eeeae178a. A potential workaround is to add a custom \"Verifier\" to the model loading code to ensure that the segment ids are all positive, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.", + "cve": "CVE-2020-15212", + "id": "pyup.io-57053", + "more_info_path": "/vulnerabilities/CVE-2020-15212/57053", + "specs": [ + ">=2.2.0rc0,<2.2.1", + ">=2.3.0rc0,<2.3.1" + ], + "v": ">=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" + }, { "advisory": "Intel-tensorflow versions 2.2.1 and 2.3.1 include a fix for CVE-2020-15193: In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of \"dlpack.to_dlpack\" can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a \"reinterpret_cast\". 
Since the \"PyObject\" is a Python object, not a Tensorflow tensor, the cast to \"EagerTensor\" fails. The issue was patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjjg-hgv6-h69v", "cve": "CVE-2020-15193", @@ -48901,6 +49792,16 @@ ], "v": ">=2.3.0rc0,<2.3.1" }, + { + "advisory": "Intel-tensorflow 2.3.1 includes a fix for CVE-2020-15199: In Tensorflow before version 2.3.1, the \"RaggedCountSparseOutput\" does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the \"splits\" tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure. Since \"BatchedMap\" is equivalent to a vector, it needs to have at least one element to not be \"nullptr\". If user passes a \"splits\" tensor that is empty or has exactly one element, we get a \"SIGABRT\" signal raised by the operating system. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x5cp-9pcf-pp3h", + "cve": "CVE-2020-15199", + "id": "pyup.io-57049", + "more_info_path": "/vulnerabilities/CVE-2020-15199/57049", + "specs": [ + ">=2.3.0rc0,<2.3.1" + ], + "v": ">=2.3.0rc0,<2.3.1" + }, { "advisory": "Intel-tensorflow 2.3.1 includes a fix for CVE-2020-15198: In Tensorflow before version 2.3.1, the \"SparseCountSparseOutput\" implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the \"indices\" tensor has the same shape as the \"values\" one. The values in these tensors are always accessed in parallel. Thus, a shape mismatch can result in accesses outside the bounds of heap allocated buffers. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jc87-6vpp-7ff3", "cve": "CVE-2020-15198", 
@@ -48931,16 +49832,6 @@ ], "v": ">=2.3.0rc0,<2.3.1" }, - { - "advisory": "Intel-tensorflow 2.3.1 includes a fix for CVE-2020-15199: In Tensorflow before version 2.3.1, the \"RaggedCountSparseOutput\" does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the \"splits\" tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure. Since \"BatchedMap\" is equivalent to a vector, it needs to have at least one element to not be \"nullptr\". If user passes a \"splits\" tensor that is empty or has exactly one element, we get a \"SIGABRT\" signal raised by the operating system. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x5cp-9pcf-pp3h", - "cve": "CVE-2020-15199", - "id": "pyup.io-57049", - "more_info_path": "/vulnerabilities/CVE-2020-15199/57049", - "specs": [ - ">=2.3.0rc0,<2.3.1" - ], - "v": ">=2.3.0rc0,<2.3.1" - }, { "advisory": "Intel-tensorflow 2.3.1 includes a fix for CVE-2020-15201: In Tensorflow before version 2.3.1, the \"RaggedCountSparseOutput\" implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the \"splits\" tensor generate a valid partitioning of the \"values\" tensor. Hence, the code is prone to heap buffer overflow. If \"split_values\" does not end with a value at least \"num_values\" then the \"while\" loop condition will trigger a read outside of the bounds of \"split_values\" once \"batch_idx\" grows too large. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-p5f8-gfw5-33w4", "cve": "CVE-2020-15201", 
@@ -48965,10 +49856,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37667: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.UnicodeEncode'. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unicode_ops.cc#L533-L539) reads the first dimension of the 'input_splits' tensor before validating that this tensor is not empty. The Tensorflow team has patched the issue in GitHub commit 2e0ee46f1a47675152d3d865797a18358881d7a6.", - "cve": "CVE-2021-37667", - "id": "pyup.io-57003", - "more_info_path": "/vulnerabilities/CVE-2021-37667/57003", + "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37637: It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/data/compression_utils.cc#L34) was accessing the size of a buffer obtained from the return of a separate function call before validating that said buffer is valid. The Tensorflow team has patched the issue in GitHub commit 5dc7f6981fdaf74c8c5be41f393df705841fb7c5.", + "cve": "CVE-2021-37637", + "id": "pyup.io-57005", + "more_info_path": "/vulnerabilities/CVE-2021-37637/57005", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.4.0rc0,<2.4.3", 
@@ -48978,10 +49869,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37637: It is possible to trigger a null pointer dereference in TensorFlow by passing an invalid input to `tf.raw_ops.CompressElement`. The [implementation](https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/data/compression_utils.cc#L34) was accessing the size of a buffer obtained from the return of a separate function call before validating that said buffer is valid. The Tensorflow team has patched the issue in GitHub commit 5dc7f6981fdaf74c8c5be41f393df705841fb7c5.", - "cve": "CVE-2021-37637", - "id": "pyup.io-57005", - "more_info_path": "/vulnerabilities/CVE-2021-37637/57005", + "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37667: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.UnicodeEncode'. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unicode_ops.cc#L533-L539) reads the first dimension of the 'input_splits' tensor before validating that this tensor is not empty. The Tensorflow team has patched the issue in GitHub commit 2e0ee46f1a47675152d3d865797a18358881d7a6.", + "cve": "CVE-2021-37667", + "id": "pyup.io-57003", + "more_info_path": "/vulnerabilities/CVE-2021-37667/57003", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.4.0rc0,<2.4.3", 
@@ -49147,10 +50038,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37639: When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocated data by providing some tensor names but not enough for a successful restoration. The implementation (https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/save_restore_tensor.cc#L158-L159) retrieves the tensor list corresponding to the 'tensor_name' user controlled input and immediately retrieves the tensor at the restoration index (controlled via 'preferred_shard' argument). This occurs without validating that the provided list has enough values. If the list is empty this results in dereferencing a null pointer (undefined behavior). If, however, the list has some elements and if the restoration index is outside the bounds, this results in heap OOB read. The Tensorflow team has patched the issue in GitHub commit 9e82dce6e6bd1f36a57e08fa85af213e2b2f2622.", - "cve": "CVE-2021-37639", - "id": "pyup.io-56993", - "more_info_path": "/vulnerabilities/CVE-2021-37639/56993", + "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37649: The code for 'tf.raw_ops.UncompressElement' can be made to trigger a null pointer dereference. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/compression_ops.cc#L50-L53) obtains a pointer to a 'CompressedElement' from a 'Variant' tensor and then proceeds to dereference it for decompressing. There is no check that the 'Variant' tensor contained a 'CompressedElement', so the pointer is actually 'nullptr'. 
The Tensorflow team has patched the issue in GitHub commit 7bdf50bb4f5c54a4997c379092888546c97c3ebd.", + "cve": "CVE-2021-37649", + "id": "pyup.io-56995", + "more_info_path": "/vulnerabilities/CVE-2021-37649/56995", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -49160,10 +50051,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37658: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type 'tf.raw_ops.MatrixSetDiagV*'. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of 'k' is a valid tensor. We have check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. The Tensorflow team has patched the issue in GitHub commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b.", - "cve": "CVE-2021-37658", - "id": "pyup.io-56994", - "more_info_path": "/vulnerabilities/CVE-2021-37658/56994", + "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37659: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting (e.g., gradients of binary cwise operations). The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/cwise_ops_common.h#L264) assumes that the two inputs have exactly the same number of elements but does not check that. Hence, when the eigen functor executes it triggers heap OOB reads and undefined behavior due to binding to nullptr. We have patched the issue in GitHub commit 93f428fd1768df147171ed674fee1fc5ab8309ec.", + "cve": "CVE-2021-37659", + "id": "pyup.io-56996", + "more_info_path": "/vulnerabilities/CVE-2021-37659/56996", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -49173,10 +50064,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37649: The code for 'tf.raw_ops.UncompressElement' can be made to trigger a null pointer dereference. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/compression_ops.cc#L50-L53) obtains a pointer to a 'CompressedElement' from a 'Variant' tensor and then proceeds to dereference it for decompressing. There is no check that the 'Variant' tensor contained a 'CompressedElement', so the pointer is actually 'nullptr'. The Tensorflow team has patched the issue in GitHub commit 7bdf50bb4f5c54a4997c379092888546c97c3ebd.", - "cve": "CVE-2021-37649", - "id": "pyup.io-56995", - "more_info_path": "/vulnerabilities/CVE-2021-37649/56995", + "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37664: In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `BoostedTreesSparseCalculateBestFeatureSplit`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) needs to validate that each value in `stats_summary_indices` is in range. The Tensorflow team has patched the issue in GitHub commit e84c975313e8e8e38bb2ea118196369c45c51378.", + "cve": "CVE-2021-37664", + "id": "pyup.io-56997", + "more_info_path": "/vulnerabilities/CVE-2021-37664/56997", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -49186,10 +50077,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37659: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting (e.g., gradients of binary cwise operations). The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/cwise_ops_common.h#L264) assumes that the two inputs have exactly the same number of elements but does not check that. Hence, when the eigen functor executes it triggers heap OOB reads and undefined behavior due to binding to nullptr. We have patched the issue in GitHub commit 93f428fd1768df147171ed674fee1fc5ab8309ec.", - "cve": "CVE-2021-37659", - "id": "pyup.io-56996", - "more_info_path": "/vulnerabilities/CVE-2021-37659/56996", + "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37639: When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer. Alternatively, attackers can read memory outside the bounds of heap allocated data by providing some tensor names but not enough for a successful restoration. The implementation (https://github.com/tensorflow/tensorflow/blob/47a06f40411a69c99f381495f490536972152ac0/tensorflow/core/kernels/save_restore_tensor.cc#L158-L159) retrieves the tensor list corresponding to the 'tensor_name' user controlled input and immediately retrieves the tensor at the restoration index (controlled via 'preferred_shard' argument). This occurs without validating that the provided list has enough values. If the list is empty this results in dereferencing a null pointer (undefined behavior). 
If, however, the list has some elements and if the restoration index is outside the bounds, this results in heap OOB read. The Tensorflow team has patched the issue in GitHub commit 9e82dce6e6bd1f36a57e08fa85af213e2b2f2622.", + "cve": "CVE-2021-37639", + "id": "pyup.io-56993", + "more_info_path": "/vulnerabilities/CVE-2021-37639/56993", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -49199,10 +50090,10 @@ "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37664: In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `BoostedTreesSparseCalculateBestFeatureSplit`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) needs to validate that each value in `stats_summary_indices` is in range. The Tensorflow team has patched the issue in GitHub commit e84c975313e8e8e38bb2ea118196369c45c51378.", - "cve": "CVE-2021-37664", - "id": "pyup.io-56997", - "more_info_path": "/vulnerabilities/CVE-2021-37664/56997", + "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37658: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type 'tf.raw_ops.MatrixSetDiagV*'. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of 'k' is a valid tensor. We have check that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. The Tensorflow team has patched the issue in GitHub commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b.", + "cve": "CVE-2021-37658", + "id": "pyup.io-56994", + "more_info_path": "/vulnerabilities/CVE-2021-37658/56994", "specs": [ ">=2.3.0rc0,<2.3.4", ">=2.5.0rc0,<2.5.1", 
@@ -49318,10 +50209,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29537: An attacker can cause a heap buffer overflow in `QuantizedResizeBilinear` by passing in invalid thresholds for the quantization. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/50711818d2e61ccce012591eeb4fdf93a8496726/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L705-L706) assumes that the 2 arguments are always valid scalars and tries to access the numeric value directly.", - "cve": "CVE-2021-29537", - "id": "pyup.io-56983", - "more_info_path": "/vulnerabilities/CVE-2021-29537/56983", + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a stack overflow in 'ParseAttrValue' with nested tensors. See CVE-2021-29615.", + "cve": "CVE-2021-29615", + "id": "pyup.io-56984", + "more_info_path": "/vulnerabilities/CVE-2021-29615/56984", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -49332,10 +50223,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a stack overflow in 'ParseAttrValue' with nested tensors. See CVE-2021-29615.", - "cve": "CVE-2021-29615", - "id": "pyup.io-56984", - "more_info_path": "/vulnerabilities/CVE-2021-29615/56984", + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29537: An attacker can cause a heap buffer overflow in `QuantizedResizeBilinear` by passing in invalid thresholds for the quantization. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/50711818d2e61ccce012591eeb4fdf93a8496726/tensorflow/core/kernels/quantized_resize_bilinear_op.cc#L705-L706) assumes that the 2 arguments are always valid scalars and tries to access the numeric value directly.", + "cve": "CVE-2021-29537", + "id": "pyup.io-56983", + "more_info_path": "/vulnerabilities/CVE-2021-29537/56983", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -49471,20 +50362,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, - { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 includes a fix for CVE-2021-29533: An attacker can trigger a denial of service via a 'CHECK' failure by passing an empty image to 'tf.raw_ops.DrawBoundingBoxes'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/ea34a18dc3f5c8d80a40ccca1404f343b5d55f91/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L148-L165) uses 'CHECK_*' assertions instead of 'OP_REQUIRES' to validate user controlled inputs. Whereas 'OP_REQUIRES' allows returning an error condition back to the user, the 'CHECK_*' macros result in a crash if the condition is false, similar to 'assert'. In this case, 'height' is 0 from the 'images' input. This results in 'max_box_row_clamp' being negative and the assertion being falsified, followed by aborting program execution.", - "cve": "CVE-2021-29533", - "id": "pyup.io-56975", - "more_info_path": "/vulnerabilities/CVE-2021-29533/56975", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.1.0rc0,<2.1.4", - ">=2.2.0rc0,<2.2.3", - ">=2.3.0rc0,<2.3.3", - ">=2.4.0rc0,<2.4.2" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" - }, { "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a heap buffer overflow in 'Conv3DBackprop*'. See CVE-2021-29520.", "cve": "CVE-2021-29520", 
@@ -49499,20 +50376,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, - { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29534: An attacker can trigger a denial of service via a 'CHECK'-fail in 'tf.raw_ops.SparseConcat'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/b432a38fe0e1b4b904a6c222cbce794c39703e87/tensorflow/core/kernels/sparse_concat_op.cc#L76) takes the values specified in 'shapes[0]' as dimensions for the output shape. The 'TensorShape' constructor (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L183-L188) uses a 'CHECK' operation which triggers when 'InitDims' (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L212-L296) returns a non-OK status. This is a legacy implementation of the constructor and operations should use 'BuildTensorShapeBase' or 'AddDimWithStatus' to prevent 'CHECK'-failures in the presence of overflows.", - "cve": "CVE-2021-29534", - "id": "pyup.io-56977", - "more_info_path": "/vulnerabilities/CVE-2021-29534/56977", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.1.0rc0,<2.1.4", - ">=2.2.0rc0,<2.2.3", - ">=2.3.0rc0,<2.3.3", - ">=2.4.0rc0,<2.4.2" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" - }, { "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29513: Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer dereferences. The conversion from Python array to C++ array (https://github.com/tensorflow/tensorflow/blob/ff70c47a396ef1e3cb73c90513da4f5cb71bebba/tensorflow/python/lib/core/ndarray_tensor.cc#L113-L169) is vulnerable to a type confusion.", "cve": "CVE-2021-29513", 
@@ -49569,6 +50432,34 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, + { + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29534: An attacker can trigger a denial of service via a 'CHECK'-fail in 'tf.raw_ops.SparseConcat'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/b432a38fe0e1b4b904a6c222cbce794c39703e87/tensorflow/core/kernels/sparse_concat_op.cc#L76) takes the values specified in 'shapes[0]' as dimensions for the output shape. The 'TensorShape' constructor (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L183-L188) uses a 'CHECK' operation which triggers when 'InitDims' (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L212-L296) returns a non-OK status. This is a legacy implementation of the constructor and operations should use 'BuildTensorShapeBase' or 'AddDimWithStatus' to prevent 'CHECK'-failures in the presence of overflows.", + "cve": "CVE-2021-29534", + "id": "pyup.io-56977", + "more_info_path": "/vulnerabilities/CVE-2021-29534/56977", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.1.0rc0,<2.1.4", + ">=2.2.0rc0,<2.2.3", + ">=2.3.0rc0,<2.3.3", + ">=2.4.0rc0,<2.4.2" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" + }, + { + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 includes a fix for CVE-2021-29533: An attacker can trigger a denial of service via a 'CHECK' failure by passing an empty image to 'tf.raw_ops.DrawBoundingBoxes'. 
This is because the implementation (https://github.com/tensorflow/tensorflow/blob/ea34a18dc3f5c8d80a40ccca1404f343b5d55f91/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L148-L165) uses 'CHECK_*' assertions instead of 'OP_REQUIRES' to validate user controlled inputs. Whereas 'OP_REQUIRES' allows returning an error condition back to the user, the 'CHECK_*' macros result in a crash if the condition is false, similar to 'assert'. In this case, 'height' is 0 from the 'images' input. This results in 'max_box_row_clamp' being negative and the assertion being falsified, followed by aborting program execution.", + "cve": "CVE-2021-29533", + "id": "pyup.io-56975", + "more_info_path": "/vulnerabilities/CVE-2021-29533/56975", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.1.0rc0,<2.1.4", + ">=2.2.0rc0,<2.2.3", + ">=2.3.0rc0,<2.3.3", + ">=2.4.0rc0,<2.4.2" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" + }, { "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a null pointer dereference in 'StringNGrams'. See CVE-2021-29541.", "cve": "CVE-2021-29541", 
@@ -49766,10 +50657,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29551: The implementation of 'MatrixTriangularSolve' (https://github.com/tensorflow/tensorflow/blob/8cae746d8449c7dda5298327353d68613f16e798/tensorflow/core/kernels/linalg/matrix_triangular_solve_op_impl.h#L160-L240) fails to terminate kernel execution if one validation condition fails.", - "cve": "CVE-2021-29551", - "id": "pyup.io-56948", - "more_info_path": "/vulnerabilities/CVE-2021-29551/56948", + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29545: An attacker can trigger a denial of service via a 'CHECK'-fail in converting sparse tensors to CSR Sparse matrices. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/800346f2c03a27e182dd4fba48295f65e7790739/tensorflow/core/kernels/sparse/kernels.cc#L66) does a double redirection to access an element of an array allocated on the heap. If the value at 'indices(i, 0)' is such that 'indices(i, 0) + 1' is outside the bounds of 'csr_row_ptr', this results in writing outside of bounds of heap allocated data.", + "cve": "CVE-2021-29545", + "id": "pyup.io-56949", + "more_info_path": "/vulnerabilities/CVE-2021-29545/56949", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.3.0rc0,<2.3.3", 
@@ -49780,10 +50671,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.4.0rc0,<2.4.2,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29545: An attacker can trigger a denial of service via a 'CHECK'-fail in converting sparse tensors to CSR Sparse matrices. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/800346f2c03a27e182dd4fba48295f65e7790739/tensorflow/core/kernels/sparse/kernels.cc#L66) does a double redirection to access an element of an array allocated on the heap. If the value at 'indices(i, 0)' is such that 'indices(i, 0) + 1' is outside the bounds of 'csr_row_ptr', this results in writing outside of bounds of heap allocated data.", - "cve": "CVE-2021-29545", - "id": "pyup.io-56949", - "more_info_path": "/vulnerabilities/CVE-2021-29545/56949", + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29551: The implementation of 'MatrixTriangularSolve' (https://github.com/tensorflow/tensorflow/blob/8cae746d8449c7dda5298327353d68613f16e798/tensorflow/core/kernels/linalg/matrix_triangular_solve_op_impl.h#L160-L240) fails to terminate kernel execution if one validation condition fails.", + "cve": "CVE-2021-29551", + "id": "pyup.io-56948", + "more_info_path": "/vulnerabilities/CVE-2021-29551/56948", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.3.0rc0,<2.3.3", 
@@ -49836,10 +50727,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Intel-tensorflow versions 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 include a fix for CVE-2021-29512: If the 'splits' argument of 'RaggedBincount' does not specify a valid 'SparseTensor' (https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from outside the bounds of the 'splits' tensor buffer in the implementation of the 'RaggedBincount' op (https://github.com/tensorflow/tensorflow/blob/8b677d79167799f71c42fd3fa074476e0295413a/tensorflow/core/kernels/bincount_op.cc#L430-L433). Before the 'for' loop, 'batch_idx' is set to 0. The user controls the 'splits' array, making it contain only one element, 0. Thus, the code in the 'while' loop would increment 'batch_idx' and then try to read 'splits(1)', which is outside of bounds.", - "cve": "CVE-2021-29512", - "id": "pyup.io-56945", - "more_info_path": "/vulnerabilities/CVE-2021-29512/56945", + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix an undefined behavior in 'MaxPool3DGradGrad'. See CVE-2021-29574.", + "cve": "CVE-2021-29574", + "id": "pyup.io-56946", + "more_info_path": "/vulnerabilities/CVE-2021-29574/56946", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.3.0rc0,<2.3.3", 
@@ -49850,10 +50741,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix an undefined behavior in 'MaxPool3DGradGrad'. See CVE-2021-29574.", - "cve": "CVE-2021-29574", - "id": "pyup.io-56946", - "more_info_path": "/vulnerabilities/CVE-2021-29574/56946", + "advisory": "Intel-tensorflow versions 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 include a fix for CVE-2021-29512: If the 'splits' argument of 'RaggedBincount' does not specify a valid 'SparseTensor' (https://www.tensorflow.org/api_docs/python/tf/sparse/SparseTensor), then an attacker can trigger a heap buffer overflow. This will cause a read from outside the bounds of the 'splits' tensor buffer in the implementation of the 'RaggedBincount' op (https://github.com/tensorflow/tensorflow/blob/8b677d79167799f71c42fd3fa074476e0295413a/tensorflow/core/kernels/bincount_op.cc#L430-L433). Before the 'for' loop, 'batch_idx' is set to 0. The user controls the 'splits' array, making it contain only one element, 0. Thus, the code in the 'while' loop would increment 'batch_idx' and then try to read 'splits(1)', which is outside of bounds.", + "cve": "CVE-2021-29512", + "id": "pyup.io-56945", + "more_info_path": "/vulnerabilities/CVE-2021-29512/56945", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.3.0rc0,<2.3.3", 
@@ -49976,10 +50867,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" }, { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'SparseMatMul'. See CVE-2021-29557.", - "cve": "CVE-2021-29557", - "id": "pyup.io-56929", - "more_info_path": "/vulnerabilities/CVE-2021-29557/56929", + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'BandedTriangularSolve'. See CVE-2021-29612.", + "cve": "CVE-2021-29612", + "id": "pyup.io-56930", + "more_info_path": "/vulnerabilities/CVE-2021-29612/56930", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -49990,10 +50881,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" }, { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'BandedTriangularSolve'. See CVE-2021-29612.", - "cve": "CVE-2021-29612", - "id": "pyup.io-56930", - "more_info_path": "/vulnerabilities/CVE-2021-29612/56930", + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'SparseMatMul'. See CVE-2021-29557.", + "cve": "CVE-2021-29557", + "id": "pyup.io-56929", + "more_info_path": "/vulnerabilities/CVE-2021-29557/56929", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -50032,10 +50923,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" }, { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB access in unicode ops. See CVE-2021-29559.", - "cve": "CVE-2021-29559", - "id": "pyup.io-56933", - "more_info_path": "/vulnerabilities/CVE-2021-29559/56933", + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'FusedBatchNorm'. See CVE-2021-29555.", + "cve": "CVE-2021-29555", + "id": "pyup.io-56934", + "more_info_path": "/vulnerabilities/CVE-2021-29555/56934", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -50046,10 +50937,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" }, { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'FusedBatchNorm'. See CVE-2021-29555.", - "cve": "CVE-2021-29555", - "id": "pyup.io-56934", - "more_info_path": "/vulnerabilities/CVE-2021-29555/56934", + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB access in unicode ops. See CVE-2021-29559.", + "cve": "CVE-2021-29559", + "id": "pyup.io-56933", + "more_info_path": "/vulnerabilities/CVE-2021-29559/56933", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -50087,6 +50978,118 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, + { + "advisory": "Intel-tensorflow versions 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 update its dependency \"curl\" to handle CVE-2020-8284.", + "cve": "CVE-2020-8284", + "id": "pyup.io-56897", + "more_info_path": "/vulnerabilities/CVE-2020-8284/56897", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29571: The implementation of 'tf.raw_ops.MaxPoolGradWithArgmax' can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The implementation (https://github.com/tensorflow/tensorflow/blob/31bd5026304677faa8a0b77602c6154171b9aec1/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L116-L130) assumes that the last element of 'boxes' input is 4, as required by the op (https://www.tensorflow.org/api_docs/python/tf/raw_ops/DrawBoundingBoxesV2). Since this is not checked attackers passing values less than 4 can write outside of bounds of heap allocated objects and cause memory corruption. If the last dimension in 'boxes' is less than 4, accesses similar to 'tboxes(b, bb, 3)' will access data outside of bounds. 
Further during code execution there are also writes to these indices.", + "cve": "CVE-2021-29571", + "id": "pyup.io-56909", + "more_info_path": "/vulnerabilities/CVE-2021-29571/56909", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'SVDF'. See CVE-2021-29598.", + "cve": "CVE-2021-29598", + "id": "pyup.io-56917", + "more_info_path": "/vulnerabilities/CVE-2021-29598/56917", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29563: An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from the implementation of `tf.raw_ops.RFFT`. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination.", + "cve": "CVE-2021-29563", + "id": "pyup.io-56918", + "more_info_path": "/vulnerabilities/CVE-2021-29563/56918", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'QuantizedMul'. 
See CVE-2021-29528.", + "cve": "CVE-2021-29528", + "id": "pyup.io-56919", + "more_info_path": "/vulnerabilities/CVE-2021-29528/56919", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB in 'QuantizeAndDequantizeV3'. See CVE-2021-29553.", + "cve": "CVE-2021-29553", + "id": "pyup.io-56920", + "more_info_path": "/vulnerabilities/CVE-2021-29553/56920", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseReshape'. See CVE-2021-29611.", + "cve": "CVE-2021-29611", + "id": "pyup.io-56921", + "more_info_path": "/vulnerabilities/CVE-2021-29611/56921", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix an undefined behavior and a 'CHECK'-fail in 'FractionalMaxPoolGrad'. 
See CVE-2021-29580.", + "cve": "CVE-2021-29580", + "id": "pyup.io-56922", + "more_info_path": "/vulnerabilities/CVE-2021-29580/56922", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, { "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix fixes a heap OOB read in TFLite. See CVE-2021-29606.", "cve": "CVE-2021-29606", @@ -50171,20 +51174,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29616: The implementation of TrySimplify (https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc#L390-L401) has undefined behavior due to dereferencing a null pointer in corner cases that result in optimizing a node with no inputs.", - "cve": "CVE-2021-29616", - "id": "pyup.io-56884", - "more_info_path": "/vulnerabilities/CVE-2021-29616/56884", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'DenseCountSparseOutput'. See CVE-2021-29554.", "cve": "CVE-2021-29554", 
@@ -50200,10 +51189,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'AvgPool3DGrad'. See CVE-2021-29577.", - "cve": "CVE-2021-29577", - "id": "pyup.io-56896", - "more_info_path": "/vulnerabilities/CVE-2021-29577/56896", + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29616: The implementation of TrySimplify (https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc#L390-L401) has undefined behavior due to dereferencing a null pointer in corner cases that result in optimizing a node with no inputs.", + "cve": "CVE-2021-29616", + "id": "pyup.io-56884", + "more_info_path": "/vulnerabilities/CVE-2021-29616/56884", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -50214,10 +51203,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Intel-tensorflow versions 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 update its dependency \"curl\" to handle CVE-2020-8284.", - "cve": "CVE-2020-8284", - "id": "pyup.io-56897", - "more_info_path": "/vulnerabilities/CVE-2020-8284/56897", + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'AvgPool3DGrad'. See CVE-2021-29577.", + "cve": "CVE-2021-29577", + "id": "pyup.io-56896", + "more_info_path": "/vulnerabilities/CVE-2021-29577/56896", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -50367,20 +51356,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29571: The implementation of 'tf.raw_ops.MaxPoolGradWithArgmax' can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The implementation (https://github.com/tensorflow/tensorflow/blob/31bd5026304677faa8a0b77602c6154171b9aec1/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L116-L130) assumes that the last element of 'boxes' input is 4, as required by the op (https://www.tensorflow.org/api_docs/python/tf/raw_ops/DrawBoundingBoxesV2). Since this is not checked attackers passing values less than 4 can write outside of bounds of heap allocated objects and cause memory corruption. If the last dimension in 'boxes' is less than 4, accesses similar to 'tboxes(b, bb, 3)' will access data outside of bounds. Further during code execution there are also writes to these indices.", - "cve": "CVE-2021-29571", - "id": "pyup.io-56909", - "more_info_path": "/vulnerabilities/CVE-2021-29571/56909", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap out of bounds read in 'RequantizationRange'. See CVE-2021-29569.", "cve": "CVE-2021-29569", 
@@ -50479,90 +51454,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'SVDF'. See CVE-2021-29598.", - "cve": "CVE-2021-29598", - "id": "pyup.io-56917", - "more_info_path": "/vulnerabilities/CVE-2021-29598/56917", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, - { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29563: An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from the implementation of `tf.raw_ops.RFFT`. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination.", - "cve": "CVE-2021-29563", - "id": "pyup.io-56918", - "more_info_path": "/vulnerabilities/CVE-2021-29563/56918", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, - { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'QuantizedMul'. See CVE-2021-29528.", - "cve": "CVE-2021-29528", - "id": "pyup.io-56919", - "more_info_path": "/vulnerabilities/CVE-2021-29528/56919", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, - { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB in 'QuantizeAndDequantizeV3'. 
See CVE-2021-29553.", - "cve": "CVE-2021-29553", - "id": "pyup.io-56920", - "more_info_path": "/vulnerabilities/CVE-2021-29553/56920", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, - { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseReshape'. See CVE-2021-29611.", - "cve": "CVE-2021-29611", - "id": "pyup.io-56921", - "more_info_path": "/vulnerabilities/CVE-2021-29611/56921", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, - { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix an undefined behavior and a 'CHECK'-fail in 'FractionalMaxPoolGrad'. See CVE-2021-29580.", - "cve": "CVE-2021-29580", - "id": "pyup.io-56922", - "more_info_path": "/vulnerabilities/CVE-2021-29580/56922", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29546: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger an integer division by zero undefined behavior in `tf.raw_ops.QuantizedBiasAdd`. 
This is because the implementation of the Eigen kernel (https://github.com/tensorflow/tensorflow/blob/61bca8bd5ba8a68b2d97435ddfafcdf2b85672cd/tensorflow/core/kernels/quantization_utils.h#L812-L849) does a division by the number of elements of the smaller input (based on shape) without checking that this is not zero.", "cve": "CVE-2021-29546", @@ -50675,20 +51566,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29608: TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in 'tf.raw_ops.RaggedTensorToTensor', an attacker can exploit an undefined behavior if input arguments are empty. The implementation (https://github.com/tensorflow/tensorflow/blob/656e7673b14acd7835dc778867f84916c6d1cac2/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L356-L360) only checks that one of the tensors is not empty, but does not check for the other ones. There are multiple 'DCHECK' validations to prevent heap OOB, but these are no-op in release builds, hence they don't prevent anything.", - "cve": "CVE-2021-29608", - "id": "pyup.io-56886", - "more_info_path": "/vulnerabilities/CVE-2021-29608/56886", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseAdd'. See CVE-2021-29609.", "cve": "CVE-2021-29609", 
@@ -50801,6 +51678,20 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, + { + "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29608: TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in 'tf.raw_ops.RaggedTensorToTensor', an attacker can exploit an undefined behavior if input arguments are empty. The implementation (https://github.com/tensorflow/tensorflow/blob/656e7673b14acd7835dc778867f84916c6d1cac2/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L356-L360) only checks that one of the tensors is not empty, but does not check for the other ones. There are multiple 'DCHECK' validations to prevent heap OOB, but these are no-op in release builds, hence they don't prevent anything.", + "cve": "CVE-2021-29608", + "id": "pyup.io-56886", + "more_info_path": "/vulnerabilities/CVE-2021-29608/56886", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, { "advisory": "Intel-tensorflow 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29550: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.FractionalAvgPool`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_avg_pool_op.cc#L85-L89) computes a divisor quantity by dividing two user controlled values. The user controls the values of `input_size[i]` and `pooling_ratio_[i]` (via the `value.shape()` and `pooling_ratio` arguments). If the value in `input_size[i]` is smaller than the `pooling_ratio_[i]`, then the floor operation results in `output_size[i]` being 0. 
The `DCHECK_GT` line is a no-op outside of debug mode, so in released versions of TF this does not trigger. Later, these computed values are used as arguments (https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_avg_pool_op.cc#L96-L99) to `GeneratePoolingSequence`(https://github.com/tensorflow/tensorflow/blob/acc8ee69f5f46f92a3f1f11230f49c6ac266f10c/tensorflow/core/kernels/fractional_pool_common.cc#L100-L108). There, the first computation is a division in a modulo operation. Since `output_length` can be 0, this results in runtime crashing.", "cve": "CVE-2021-29550", 
@@ -50830,10 +51721,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37688: In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/internal/optimized/optimized_ops.h#L268-L285) unconditionally dereferences a pointer. The Tensorflow team has patched the issue in GitHub commit 15691e456c7dc9bd6be203b09765b063bf4a380c.", - "cve": "CVE-2021-37688", - "id": "pyup.io-56871", - "more_info_path": "/vulnerabilities/CVE-2021-37688/56871", + "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37645: In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L126) uses the `axis` value as the size argument to `absl::InlinedVector` constructor. But, the constructor uses an unsigned type for the argument, so the implicit conversion transforms the negative value to a large integer. The Tensorflow team has patched the issue in GitHub commit 96f364a1ca3009f98980021c4b32be5fdcca33a1.", + "cve": "CVE-2021-37645", + "id": "pyup.io-56872", + "more_info_path": "/vulnerabilities/CVE-2021-37645/56872", "specs": [ ">=2.5.0rc0,<2.5.1", ">=2.4.0rc0,<2.4.3", 
@@ -50843,10 +51734,10 @@ "v": ">=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37645: In affected versions the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The [implementation](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L126) uses the `axis` value as the size argument to `absl::InlinedVector` constructor. But, the constructor uses an unsigned type for the argument, so the implicit conversion transforms the negative value to a large integer. The Tensorflow team has patched the issue in GitHub commit 96f364a1ca3009f98980021c4b32be5fdcca33a1.", - "cve": "CVE-2021-37645", - "id": "pyup.io-56872", - "more_info_path": "/vulnerabilities/CVE-2021-37645/56872", + "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37691: In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/lsh_projection.cc#L118). The Tensorflow team has patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9.", + "cve": "CVE-2021-37691", + "id": "pyup.io-56873", + "more_info_path": "/vulnerabilities/CVE-2021-37691/56873", "specs": [ ">=2.5.0rc0,<2.5.1", ">=2.4.0rc0,<2.4.3", 
@@ -50856,10 +51747,10 @@ "v": ">=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37691: In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/lsh_projection.cc#L118). The Tensorflow team has patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9.", - "cve": "CVE-2021-37691", - "id": "pyup.io-56873", - "more_info_path": "/vulnerabilities/CVE-2021-37691/56873", + "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37688: In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/internal/optimized/optimized_ops.h#L268-L285) unconditionally dereferences a pointer. The Tensorflow team has patched the issue in GitHub commit 15691e456c7dc9bd6be203b09765b063bf4a380c.", + "cve": "CVE-2021-37688", + "id": "pyup.io-56871", + "more_info_path": "/vulnerabilities/CVE-2021-37688/56871", "specs": [ ">=2.5.0rc0,<2.5.1", ">=2.4.0rc0,<2.4.3", 
@@ -50916,19 +51807,6 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, - { - "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37657: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type 'tf.raw_ops.MatrixDiagV*'. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of 'k' is a valid tensor. The Tensorflow team has checked that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. The Tensorflow team has patched the issue in GitHub commit f2a673bd34f0d64b8e40a551ac78989d16daad09.", - "cve": "CVE-2021-37657", - "id": "pyup.io-56857", - "more_info_path": "/vulnerabilities/CVE-2021-37657/56857", - "specs": [ - ">=2.6.0rc0,<2.6.0", - ">=2.3.0rc0,<2.3.4", - ">=2.4.0rc0,<2.4.3", - ">=2.5.0rc0,<2.5.1" - ], - "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" - }, { "advisory": "Intel-tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37668:\nIn affected versions, an attacker can cause denial of service in applications serving models using \"tf.raw_ops.UnravelIndex\" by triggering a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unravel_index_op.cc#L36) does not check that the tensor subsumed by \"dims\" is not empty. Hence, if one element of \"dims\" is 0, the implementation does a division by 0. 
The Tensorflow team has patched the issue in GitHub commit a776040a5e7ebf76eeb7eb923bf1ae417dd4d233.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2wmv-37vq-52g5\nhttps://github.com/tensorflow/tensorflow/commit/a776040a5e7ebf76eeb7eb923bf1ae417dd4d233", "cve": "CVE-2021-37668", 
@@ -50943,10 +51821,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, { - "advisory": "Intel-tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37663:\nIn affected versions, due to incomplete validation in \"tf.raw_ops.QuantizeV2\", an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/quantize_op.cc#L59) has some validation but does not check that \"min_range\" and \"max_range\" both have the same non-zero number of elements. If \"axis\" is provided (i.e., not \"-1\"), then validation should check that it is a value in range for the rank of \"input\" tensor and then the lengths of \"min_range\" and \"max_range\" inputs match the \"axis\" dimension of the \"input\" tensor. The Tensorflow team has patched the issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j\nhttps://github.com/tensorflow/tensorflow/commit/6da6620efad397c85493b8f8667b821403516708", - "cve": "CVE-2021-37663", - "id": "pyup.io-56859", - "more_info_path": "/vulnerabilities/CVE-2021-37663/56859", + "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37657: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type 'tf.raw_ops.MatrixDiagV*'. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of 'k' is a valid tensor. The Tensorflow team has checked that this value is either a scalar or a vector, but there is no check for the number of elements. 
If this is an empty tensor, then code that accesses the first element of the tensor is wrong. The Tensorflow team has patched the issue in GitHub commit f2a673bd34f0d64b8e40a551ac78989d16daad09.", + "cve": "CVE-2021-37657", + "id": "pyup.io-56857", + "more_info_path": "/vulnerabilities/CVE-2021-37657/56857", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -50994,6 +51872,45 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, + { + "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37653: In affected versions an attacker can trigger a crash via a floating point exception in 'tf.raw_ops.ResourceGather'. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L725-L731) computes the value of a value, 'batch_size', and then divides by it without checking that this value is not 0. The Tensorflow team has patched the issue in GitHub commit ac117ee8a8ea57b73d34665cdf00ef3303bc0b11.", + "cve": "CVE-2021-37653", + "id": "pyup.io-56866", + "more_info_path": "/vulnerabilities/CVE-2021-37653/56866", + "specs": [ + ">=2.6.0rc0,<2.6.0", + ">=2.3.0rc0,<2.3.4", + ">=2.4.0rc0,<2.4.3", + ">=2.5.0rc0,<2.5.1" + ], + "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" + }, + { + "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37660: In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/inplace_ops.cc#L283) has a logic error: it should skip processing if 'x' and 'v' are empty but the code uses '||' instead of '&&'. 
The Tensorflow team has patched the issue in GitHub commit e86605c0a336c088b638da02135ea6f9f6753618.", + "cve": "CVE-2021-37660", + "id": "pyup.io-56867", + "more_info_path": "/vulnerabilities/CVE-2021-37660/56867", + "specs": [ + ">=2.6.0rc0,<2.6.0", + ">=2.3.0rc0,<2.3.4", + ">=2.4.0rc0,<2.4.3", + ">=2.5.0rc0,<2.5.1" + ], + "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" + }, + { + "advisory": "Intel-tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37663:\nIn affected versions, due to incomplete validation in \"tf.raw_ops.QuantizeV2\", an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/quantize_op.cc#L59) has some validation but does not check that \"min_range\" and \"max_range\" both have the same non-zero number of elements. If \"axis\" is provided (i.e., not \"-1\"), then validation should check that it is a value in range for the rank of \"input\" tensor and then the lengths of \"min_range\" and \"max_range\" inputs match the \"axis\" dimension of the \"input\" tensor. The Tensorflow team has patched the issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. 
\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j\nhttps://github.com/tensorflow/tensorflow/commit/6da6620efad397c85493b8f8667b821403516708", + "cve": "CVE-2021-37663", + "id": "pyup.io-56859", + "more_info_path": "/vulnerabilities/CVE-2021-37663/56859", + "specs": [ + ">=2.6.0rc0,<2.6.0", + ">=2.3.0rc0,<2.3.4", + ">=2.4.0rc0,<2.4.3", + ">=2.5.0rc0,<2.5.1" + ], + "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" + }, { "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37687: In affected versions TFLite's 'GatherNd' implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather_nd.cc#L124) does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with negative values in 'indices'. Similar issue exists in 'Gather' implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather.cc). The Tensorflow team has patched the issue in GitHub commits bb6a0383ed553c286f87ca88c207f6774d5c4a8f and eb921122119a6b6e470ee98b89e65d721663179d.", "cve": "CVE-2021-37687", 
@@ -51021,30 +51938,30 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, { - "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37653: In affected versions an attacker can trigger a crash via a floating point exception in 'tf.raw_ops.ResourceGather'. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L725-L731) computes the value of a value, 'batch_size', and then divides by it without checking that this value is not 0. The Tensorflow team has patched the issue in GitHub commit ac117ee8a8ea57b73d34665cdf00ef3303bc0b11.", - "cve": "CVE-2021-37653", - "id": "pyup.io-56866", - "more_info_path": "/vulnerabilities/CVE-2021-37653/56866", + "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37662: In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in 'BoostedTreesCalculateBestGainsPerFeature' and similar attack can occur in 'BoostedTreesCalculateBestFeatureSplitV2'. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) does not validate the input values. 
The Tensorflow team has patched the issue in GitHub commit 9c87c32c710d0b5b53dc6fd3bfde4046e1f7a5ad and in commit 429f009d2b2c09028647dd4bb7b3f6f414bbaad7.", + "cve": "CVE-2021-37662", + "id": "pyup.io-56850", + "more_info_path": "/vulnerabilities/CVE-2021-37662/56850", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", - ">=2.4.0rc0,<2.4.3", - ">=2.5.0rc0,<2.5.1" + ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3" ], - "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" + "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" }, { - "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37660: In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/inplace_ops.cc#L283) has a logic error: it should skip processing if 'x' and 'v' are empty but the code uses '||' instead of '&&'. The Tensorflow team has patched the issue in GitHub commit e86605c0a336c088b638da02135ea6f9f6753618.", - "cve": "CVE-2021-37660", - "id": "pyup.io-56867", - "more_info_path": "/vulnerabilities/CVE-2021-37660/56867", + "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37681: In affected versions the implementation of SVDF in TFLite is vulnerable to a null pointer error (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/svdf.cc#L300-L313). The 'GetVariableInput' function (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/kernel_util.cc#L115-L119) can return a null pointer but 'GetTensorData' assumes that the argument is always a valid tensor. 
Furthermore, because 'GetVariableInput' calls 'GetMutableInput' (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/kernel_util.cc#L82-L90) which might return 'nullptr', the 'tensor->is_variable' expression can also trigger a null pointer exception. The Tensorflow team has patched the issue in GitHub commit 5b048e87e4e55990dae6b547add4dae59f4e1c76.", + "cve": "CVE-2021-37681", + "id": "pyup.io-56853", + "more_info_path": "/vulnerabilities/CVE-2021-37681/56853", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", - ">=2.4.0rc0,<2.4.3", - ">=2.5.0rc0,<2.5.1" + ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3" ], - "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" + "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" }, { "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37641: In affected versions if the arguments to 'tf.raw_ops.RaggedGather' don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/ragged_gather_op.cc#L70) directly reads the first dimension of a tensor shape before checking that said tensor has rank of at least 1 (i.e., it is not a scalar). Furthermore, the implementation does not check that the list given by 'params_nested_splits' is not an empty list of tensors. The Tensorflow team has patched the issue in GitHub commit a2b743f6017d7b97af1fe49087ae15f0ac634373.", 
@@ -51072,19 +51989,6 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" }, - { - "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37662: In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in 'BoostedTreesCalculateBestGainsPerFeature' and similar attack can occur in 'BoostedTreesCalculateBestFeatureSplitV2'. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) does not validate the input values. The Tensorflow team has patched the issue in GitHub commit 9c87c32c710d0b5b53dc6fd3bfde4046e1f7a5ad and in commit 429f009d2b2c09028647dd4bb7b3f6f414bbaad7.", - "cve": "CVE-2021-37662", - "id": "pyup.io-56850", - "more_info_path": "/vulnerabilities/CVE-2021-37662/56850", - "specs": [ - ">=2.6.0rc0,<2.6.0", - ">=2.3.0rc0,<2.3.4", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3" - ], - "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" - }, { "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37643: If a user does not provide a valid padding value to 'tf.raw_ops.MatrixDiagPartOp', then the code triggers a null pointer dereference (if input is empty) or produces invalid behavior, ignoring all values after the first. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/linalg/matrix_diag_op.cc#L89) reads the first value from a tensor buffer without first checking that the tensor has values to read from. The Tensorflow team has patched the issue in GitHub commit 482da92095c4d48f8784b1f00dda4f81c28d2988.", "cve": "CVE-2021-37643", 
@@ -51098,19 +52002,6 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" }, - { - "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37681: In affected versions the implementation of SVDF in TFLite is vulnerable to a null pointer error (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/svdf.cc#L300-L313). The 'GetVariableInput' function (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/kernel_util.cc#L115-L119) can return a null pointer but 'GetTensorData' assumes that the argument is always a valid tensor. Furthermore, because 'GetVariableInput' calls 'GetMutableInput' (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/kernel_util.cc#L82-L90) which might return 'nullptr', the 'tensor->is_variable' expression can also trigger a null pointer exception. The Tensorflow team has patched the issue in GitHub commit 5b048e87e4e55990dae6b547add4dae59f4e1c76.", - "cve": "CVE-2021-37681", - "id": "pyup.io-56853", - "more_info_path": "/vulnerabilities/CVE-2021-37681/56853", - "specs": [ - ">=2.6.0rc0,<2.6.0", - ">=2.3.0rc0,<2.3.4", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3" - ], - "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" - }, { "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37644: In affected versions providing a negative element to 'num_elements' list argument of 'tf.raw_ops.TensorListReserve' causes the runtime to abort the process due to reallocating a 'std::vector' to have a negative number of elements. 
The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/list_kernels.cc#L312) calls 'std::vector.resize()' with the new size controlled by input given by the user, without checking that this input is valid. The Tensorflow team has patched the issue in GitHub commit 8a6e874437670045e6c7dc6154c7412b4a2135e2.", "cve": "CVE-2021-37644", 
@@ -51151,10 +52042,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" }, { - "advisory": "Intel-tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37682:\nIn affected versions all TFLite operations that use quantization can be made to use unitialized values. (For example, https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/depthwise_conv.cc#L198-L200). The issue stems from the fact that \"quantization.params\" is only valid if \"quantization.type\" is different that \"kTfLiteNoQuantization\". However, these checks are missing in large parts of the code. The Tensorflow team has patched the issue in GitHub commits 537bc7c723439b9194a358f64d871dd326c18887, 4a91f2069f7145aab6ba2d8cfe41be8a110c18a5 and 8933b8a21280696ab119b63263babdb54c298538.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4c4g-crqm-xrxw\nhttps://github.com/tensorflow/tensorflow/commit/4a91f2069f7145aab6ba2d8cfe41be8a110c18a5\nhttps://github.com/tensorflow/tensorflow/commit/537bc7c723439b9194a358f64d871dd326c18887\nhttps://github.com/tensorflow/tensorflow/commit/8933b8a21280696ab119b63263babdb54c298538", - "cve": "CVE-2021-37682", - "id": "pyup.io-56847", - "more_info_path": "/vulnerabilities/CVE-2021-37682/56847", + "advisory": "Intel-tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37690:\nIn affected versions when running shape functions, some functions (such as 'MutableHashTableShape') produce extra output information in the form of a 'ShapeAndType' struct. The shapes embedded in this struct are owned by an inference context that is cleaned up almost immediately; if the upstream code attempts to access this shape information, it can trigger a segfault. 
'ShapeRefiner' is mitigating this for normal output shapes by cloning them (and thus putting the newly created shape under ownership of an inference context that will not die), but the Tensorflow team was not doing the same for shapes and types. This commit fixes that by doing similar logic on output shapes and types. The Tensorflow team has patched the issue in GitHub commit ee119d4a498979525046fba1c3dd3f13a039fbb1.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3hxh-8cp2-g4hg\nhttps://github.com/tensorflow/tensorflow/commit/ee119d4a498979525046fba1c3dd3f13a039fbb1", + "cve": "CVE-2021-37690", + "id": "pyup.io-56848", + "more_info_path": "/vulnerabilities/CVE-2021-37690/56848", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.4.0rc0,<2.4.3", 
@@ -51164,10 +52055,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1" }, { - "advisory": "Intel-tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37690:\nIn affected versions when running shape functions, some functions (such as 'MutableHashTableShape') produce extra output information in the form of a 'ShapeAndType' struct. The shapes embedded in this struct are owned by an inference context that is cleaned up almost immediately; if the upstream code attempts to access this shape information, it can trigger a segfault. 'ShapeRefiner' is mitigating this for normal output shapes by cloning them (and thus putting the newly created shape under ownership of an inference context that will not die), but the Tensorflow team was not doing the same for shapes and types. This commit fixes that by doing similar logic on output shapes and types. The Tensorflow team has patched the issue in GitHub commit ee119d4a498979525046fba1c3dd3f13a039fbb1.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3hxh-8cp2-g4hg\nhttps://github.com/tensorflow/tensorflow/commit/ee119d4a498979525046fba1c3dd3f13a039fbb1", - "cve": "CVE-2021-37690", - "id": "pyup.io-56848", - "more_info_path": "/vulnerabilities/CVE-2021-37690/56848", + "advisory": "Intel-tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37682:\nIn affected versions all TFLite operations that use quantization can be made to use unitialized values. (For example, https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/depthwise_conv.cc#L198-L200). The issue stems from the fact that \"quantization.params\" is only valid if \"quantization.type\" is different that \"kTfLiteNoQuantization\". However, these checks are missing in large parts of the code. 
The Tensorflow team has patched the issue in GitHub commits 537bc7c723439b9194a358f64d871dd326c18887, 4a91f2069f7145aab6ba2d8cfe41be8a110c18a5 and 8933b8a21280696ab119b63263babdb54c298538.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4c4g-crqm-xrxw\nhttps://github.com/tensorflow/tensorflow/commit/4a91f2069f7145aab6ba2d8cfe41be8a110c18a5\nhttps://github.com/tensorflow/tensorflow/commit/537bc7c723439b9194a358f64d871dd326c18887\nhttps://github.com/tensorflow/tensorflow/commit/8933b8a21280696ab119b63263babdb54c298538", + "cve": "CVE-2021-37682", + "id": "pyup.io-56847", + "more_info_path": "/vulnerabilities/CVE-2021-37682/56847", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.4.0rc0,<2.4.3", 
@@ -51177,10 +52068,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1" }, { - "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.", - "cve": "CVE-2021-22901", - "id": "pyup.io-56838", - "more_info_path": "/vulnerabilities/CVE-2021-22901/56838", + "advisory": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for 'tf.raw_ops.Dequantize' has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/array_ops.cc#L2999-L3014) uses 'axis' to select between two different values for 'minmax_rank' which is then used to retrieve tensor dimensions. However, code assumes that 'axis' can be either '-1' or a value greater than '-1', with no validation for the other values. We have patched the issue in GitHub commit da857cfa0fde8f79ad0afdbc94e88b5d4bbec764. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.", + "cve": "CVE-2021-37677", + "id": "pyup.io-56845", + "more_info_path": "/vulnerabilities/CVE-2021-37677/56845", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -51190,10 +52081,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37655: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to 'tf.raw_ops.ResourceScatterUpdate'. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L919-L923) has an incomplete validation of the relationship between the shapes of 'indices' and 'updates': instead of checking that the shape of 'indices' is a prefix of the shape of 'updates' (so that broadcasting can happen), code only checks that the number of elements in these two tensors are in a divisibility relationship. The Tensorflow team has patched the issue in GitHub commit 01cff3f986259d661103412a20745928c727326f.", - "cve": "CVE-2021-37655", - "id": "pyup.io-56834", - "more_info_path": "/vulnerabilities/CVE-2021-37655/56834", + "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.", + "cve": "CVE-2021-22901", + "id": "pyup.io-56838", + "more_info_path": "/vulnerabilities/CVE-2021-22901/56838", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -51203,10 +52094,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "Intel-tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37672:\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.SdcaOptimizerV2\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/sdca_internal.cc#L320-L353) does not check that the length of \"example_labels\" is the same as the number of examples. The Tensorflow team has patched the issue in GitHub commit a4e138660270e7599793fa438cd7b2fc2ce215a6.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hj3-vjjf-f5m7\nhttps://github.com/tensorflow/tensorflow/commit/a4e138660270e7599793fa438cd7b2fc2ce215a6", - "cve": "CVE-2021-37672", - "id": "pyup.io-56835", - "more_info_path": "/vulnerabilities/CVE-2021-37672/56835", + "advisory": "Intel-tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37670:\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.UpperBound\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/searchsorted_op.cc#L85-L104) does not validate the rank of \"sorted_input\" argument. A similar issue occurs in \"tf.raw_ops.LowerBound\". 
The Tensorflow team has patched the issue in GitHub commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9697-98pf-4rw7\nhttps://github.com/tensorflow/tensorflow/commit/42459e4273c2e47a3232cc16c4f4fff3b3a35c38", + "cve": "CVE-2021-37670", + "id": "pyup.io-56836", + "more_info_path": "/vulnerabilities/CVE-2021-37670/56836", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -51216,10 +52107,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "Intel-tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37670:\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.UpperBound\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/searchsorted_op.cc#L85-L104) does not validate the rank of \"sorted_input\" argument. A similar issue occurs in \"tf.raw_ops.LowerBound\". The Tensorflow team has patched the issue in GitHub commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9697-98pf-4rw7\nhttps://github.com/tensorflow/tensorflow/commit/42459e4273c2e47a3232cc16c4f4fff3b3a35c38", - "cve": "CVE-2021-37670", - "id": "pyup.io-56836", - "more_info_path": "/vulnerabilities/CVE-2021-37670/56836", + "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37655: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to 'tf.raw_ops.ResourceScatterUpdate'. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L919-L923) has an incomplete validation of the relationship between the shapes of 'indices' and 'updates': instead of checking that the shape of 'indices' is a prefix of the shape of 'updates' (so that broadcasting can happen), code only checks that the number of elements in these two tensors are in a divisibility relationship. 
The Tensorflow team has patched the issue in GitHub commit 01cff3f986259d661103412a20745928c727326f.", + "cve": "CVE-2021-37655", + "id": "pyup.io-56834", + "more_info_path": "/vulnerabilities/CVE-2021-37655/56834", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -51229,10 +52120,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "Intel-tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37679:\nIn affected versions it is possible to nest a \"tf.map_fn\" within another \"tf.map_fn\" call. However, if the input tensor is a \"RaggedTensor\" and there is no function signature provided, code assumes the output is a fully specified tensor and fills output buffer with uninitialized contents from the heap. The \"t\" and \"z\" outputs should be identical, however this is not the case. The last row of \"t\" contains data from the heap which can be used to leak other memory information. The bug lies in the conversion from a \"Variant\" tensor to a \"RaggedTensor\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_from_variant_op.cc#L177-L190) does not check that all inner shapes match and this results in the additional dimensions. The same implementation can result in data loss, if input tensor is tweaked. The Tensorflow team has patched the issue in GitHub commit 4e2565483d0ffcadc719bd44893fb7f609bb5f12.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g8wg-cjwc-xhhp\nhttps://github.com/tensorflow/tensorflow/commit/4e2565483d0ffcadc719bd44893fb7f609bb5f12", - "cve": "CVE-2021-37679", - "id": "pyup.io-56837", - "more_info_path": "/vulnerabilities/CVE-2021-37679/56837", + "advisory": "Intel-tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37672:\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.SdcaOptimizerV2\". 
The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/sdca_internal.cc#L320-L353) does not check that the length of \"example_labels\" is the same as the number of examples. The Tensorflow team has patched the issue in GitHub commit a4e138660270e7599793fa438cd7b2fc2ce215a6.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hj3-vjjf-f5m7\nhttps://github.com/tensorflow/tensorflow/commit/a4e138660270e7599793fa438cd7b2fc2ce215a6", + "cve": "CVE-2021-37672", + "id": "pyup.io-56835", + "more_info_path": "/vulnerabilities/CVE-2021-37672/56835", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -51281,10 +52172,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37650: In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can trigger heap buffer overflow and segmentation fault. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/to_tf_record_op.cc#L93-L102) assumes that all records in the dataset are of string type. However, there is no check for that, and the example given above uses numeric types. The Tensorflow team has patched the issue in GitHub commit e0b6e58c328059829c3eb968136f17aa72b6c876.", - "cve": "CVE-2021-37650", - "id": "pyup.io-56842", - "more_info_path": "/vulnerabilities/CVE-2021-37650/56842", + "advisory": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in 'tf.raw_ops.MaxPoolGrad' caused by missing validation. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/maxpooling_op.cc) misses some validation for the 'orig_input' and 'orig_output' tensors. The fixes for CVE-2021-29579 were incomplete. We have patched the issue in GitHub commit 136b51f10903e044308cf77117c0ed9871350475. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.", + "cve": "CVE-2021-37674", + "id": "pyup.io-56843", + "more_info_path": "/vulnerabilities/CVE-2021-37674/56843", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -51294,10 +52185,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "Intel-tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37669:\nIn affected versions, an attacker can cause denial of service in applications serving models using \"tf.raw_ops.NonMaxSuppressionV5\" by triggering a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/image/non_max_suppression_op.cc#L170-L271) uses a user controlled argument to resize a \"std::vector\". However, as \"std::vector::resize\" takes the size argument as a \"size_t\" and \"output_size\" is an \"int\", there is an implicit conversion to unsigned. If the attacker supplies a negative value, this conversion results in a crash. A similar issue occurs in \"CombinedNonMaxSuppression\". The Tensorflow team has patched the issue in GitHub commit 3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d and commit b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vmjw-c2vp-p33c\nhttps://github.com/tensorflow/tensorflow/commit/3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d\nhttps://github.com/tensorflow/tensorflow/commit/b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58", - "cve": "CVE-2021-37669", - "id": "pyup.io-56844", - "more_info_path": "/vulnerabilities/CVE-2021-37669/56844", + "advisory": "Intel-tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37679:\nIn affected versions it is possible to nest a \"tf.map_fn\" within another \"tf.map_fn\" call. However, if the input tensor is a \"RaggedTensor\" and there is no function signature provided, code assumes the output is a fully specified tensor and fills output buffer with uninitialized contents from the heap. The \"t\" and \"z\" outputs should be identical, however this is not the case. 
The last row of \"t\" contains data from the heap which can be used to leak other memory information. The bug lies in the conversion from a \"Variant\" tensor to a \"RaggedTensor\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_from_variant_op.cc#L177-L190) does not check that all inner shapes match and this results in the additional dimensions. The same implementation can result in data loss, if input tensor is tweaked. The Tensorflow team has patched the issue in GitHub commit 4e2565483d0ffcadc719bd44893fb7f609bb5f12.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g8wg-cjwc-xhhp\nhttps://github.com/tensorflow/tensorflow/commit/4e2565483d0ffcadc719bd44893fb7f609bb5f12", + "cve": "CVE-2021-37679", + "id": "pyup.io-56837", + "more_info_path": "/vulnerabilities/CVE-2021-37679/56837", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -51307,10 +52198,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for 'tf.raw_ops.Dequantize' has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/array_ops.cc#L2999-L3014) uses 'axis' to select between two different values for 'minmax_rank' which is then used to retrieve tensor dimensions. However, code assumes that 'axis' can be either '-1' or a value greater than '-1', with no validation for the other values. We have patched the issue in GitHub commit da857cfa0fde8f79ad0afdbc94e88b5d4bbec764. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.", - "cve": "CVE-2021-37677", - "id": "pyup.io-56845", - "more_info_path": "/vulnerabilities/CVE-2021-37677/56845", + "advisory": "Intel-tensorflow 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37650: In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can trigger heap buffer overflow and segmentation fault. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/to_tf_record_op.cc#L93-L102) assumes that all records in the dataset are of string type. However, there is no check for that, and the example given above uses numeric types. 
The Tensorflow team has patched the issue in GitHub commit e0b6e58c328059829c3eb968136f17aa72b6c876.", + "cve": "CVE-2021-37650", + "id": "pyup.io-56842", + "more_info_path": "/vulnerabilities/CVE-2021-37650/56842", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -51320,10 +52211,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in 'tf.raw_ops.MaxPoolGrad' caused by missing validation. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/maxpooling_op.cc) misses some validation for the 'orig_input' and 'orig_output' tensors. The fixes for CVE-2021-29579 were incomplete. We have patched the issue in GitHub commit 136b51f10903e044308cf77117c0ed9871350475. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.", - "cve": "CVE-2021-37674", - "id": "pyup.io-56843", - "more_info_path": "/vulnerabilities/CVE-2021-37674/56843", + "advisory": "Intel-tensorflow version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37669:\nIn affected versions, an attacker can cause denial of service in applications serving models using \"tf.raw_ops.NonMaxSuppressionV5\" by triggering a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/image/non_max_suppression_op.cc#L170-L271) uses a user controlled argument to resize a \"std::vector\". However, as \"std::vector::resize\" takes the size argument as a \"size_t\" and \"output_size\" is an \"int\", there is an implicit conversion to unsigned. If the attacker supplies a negative value, this conversion results in a crash. A similar issue occurs in \"CombinedNonMaxSuppression\". 
The Tensorflow team has patched the issue in GitHub commit 3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d and commit b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vmjw-c2vp-p33c\nhttps://github.com/tensorflow/tensorflow/commit/3a7362750d5c372420aa8f0caf7bf5b5c3d0f52d\nhttps://github.com/tensorflow/tensorflow/commit/b5cdbf12ffcaaffecf98f22a6be5a64bb96e4f58", + "cve": "CVE-2021-37669", + "id": "pyup.io-56844", + "more_info_path": "/vulnerabilities/CVE-2021-37669/56844", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -51421,20 +52312,6 @@ } ], "intel-tensorflow-avx512": [ - { - "advisory": "Intel-tensorflow-avx512 versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15204: In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling \"tf.raw_ops.GetSessionHandle\" or \"tf.raw_ops.GetSessionHandleV2\" results in a null pointer dereference In linked snippet, in eager mode, \"ctx->session_state()\" returns \"nullptr\". Since code immediately dereferences this, we get a segmentation fault. The issue was patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1", - "cve": "CVE-2020-15204", - "id": "pyup.io-57502", - "more_info_path": "/vulnerabilities/CVE-2020-15204/57502", - "specs": [ - "<1.15.4", - ">=2.0.0a0,<2.0.3", - ">=2.1.0a0,<2.1.2", - ">=2.2.0a0,<2.2.1", - ">=2.3.0a0,<2.3.1" - ], - "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" - }, { "advisory": "Intel-tensorflow-avx512 versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15195: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of 'SparseFillEmptyRowsGrad' uses a double indexing pattern. It is possible for 'reverse_index_map(i)' to be an index outside of bounds of 'grad_values', thus resulting in a heap buffer overflow.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-63xm-rx5p-xvqr", "cve": "CVE-2020-15195", 
@@ -51478,10 +52355,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15208: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a \"DCHECK\" which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue was patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d", - "cve": "CVE-2020-15208", - "id": "pyup.io-57506", - "more_info_path": "/vulnerabilities/CVE-2020-15208/57506", + "advisory": "Intel-tensorflow-avx512 versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15207: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses 'ResolveAxis' to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the 'DCHECK' does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q4qf-3fc6-8x34", + "cve": "CVE-2020-15207", + "id": "pyup.io-57512", + "more_info_path": "/vulnerabilities/CVE-2020-15207/57512", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -51505,6 +52382,34 @@ ], "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, + { + "advisory": "Intel-tensorflow-avx512 versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15204: In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling \"tf.raw_ops.GetSessionHandle\" or \"tf.raw_ops.GetSessionHandleV2\" results in a null pointer dereference In linked snippet, in eager mode, \"ctx->session_state()\" returns \"nullptr\". Since code immediately dereferences this, we get a segmentation fault. The issue was patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1", + "cve": "CVE-2020-15204", + "id": "pyup.io-57502", + "more_info_path": "/vulnerabilities/CVE-2020-15204/57502", + "specs": [ + "<1.15.4", + ">=2.0.0a0,<2.0.3", + ">=2.1.0a0,<2.1.2", + ">=2.2.0a0,<2.2.1", + ">=2.3.0a0,<2.3.1" + ], + "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" + }, + { + "advisory": "Intel-tensorflow-avx512 versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1 include a fix for CVE-2020-15208: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a \"DCHECK\" which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. 
The issue was patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d", + "cve": "CVE-2020-15208", + "id": "pyup.io-57506", + "more_info_path": "/vulnerabilities/CVE-2020-15208/57506", + "specs": [ + "<1.15.4", + ">=2.0.0a0,<2.0.3", + ">=2.1.0a0,<2.1.2", + ">=2.2.0a0,<2.2.1", + ">=2.3.0a0,<2.3.1" + ], + "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" + }, { "advisory": "Intel-tensorflow-avx512 versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15202: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the 'Shard' API in TensorFlow expects the last argument to be a function taking two 'int64' (i.e., 'long long') arguments. However, there are several places in TensorFlow where a lambda taking 'int' or 'int32' arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6fg-mjxg-hqq4", "cve": "CVE-2020-15202", 
@@ -51562,24 +52467,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15207: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses 'ResolveAxis' to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the 'DCHECK' does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q4qf-3fc6-8x34", - "cve": "CVE-2020-15207", - "id": "pyup.io-57512", - "more_info_path": "/vulnerabilities/CVE-2020-15207/57512", - "specs": [ - "<1.15.4", - ">=2.0.0a0,<2.0.3", - ">=2.1.0a0,<2.1.2", - ">=2.2.0a0,<2.2.1", - ">=2.3.0a0,<2.3.1" - ], - "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0a0,<2.1.2,>=2.2.0a0,<2.2.1,>=2.3.0a0,<2.3.1" - }, - { - "advisory": "Intel-tensorflow-avx512 versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15210: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2", - "cve": "CVE-2020-15210", - "id": "pyup.io-57500", - "more_info_path": "/vulnerabilities/CVE-2020-15210/57500", + "advisory": "Intel-tensorflow-avx512 2.4.0 includes a fix for CVE-2020-15194: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. 
Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.\"", + "cve": "CVE-2020-15194", + "id": "pyup.io-57501", + "more_info_path": "/vulnerabilities/CVE-2020-15194/57501", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -51590,10 +52481,10 @@ "v": "<1.15.4,>=2.0.0a0,<2.0.3,>=2.1.0rc0,<2.1.2,>=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, { - "advisory": "Intel-tensorflow-avx512 2.4.0 includes a fix for CVE-2020-15194: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.\"", - "cve": "CVE-2020-15194", - "id": "pyup.io-57501", - "more_info_path": "/vulnerabilities/CVE-2020-15194/57501", + "advisory": "Intel-tensorflow-avx512 versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 include a fix for CVE-2020-15210: In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2", + "cve": "CVE-2020-15210", + "id": "pyup.io-57500", + "more_info_path": "/vulnerabilities/CVE-2020-15210/57500", "specs": [ "<1.15.4", ">=2.0.0a0,<2.0.3", 
@@ -51734,6 +52625,83 @@ ], "v": "<1.15.5,>=2.0.0a0,<2.0.4,>=2.1.0rc0,<2.1.3,>=2.2.0rc0,<2.2.2,>=2.3.0rc0,<2.3.2,>=2.4.0rc0,<2.4.0" }, + { + "advisory": "Intel-tensorflow-avx512 2.11.1 and 2.12.0 include a fix for CVE-2023-25676: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.ParallelConcat' segfaults with a nullptr dereference when given a parameter 'shape' with rank that is not greater than zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq", + "cve": "CVE-2023-25676", + "id": "pyup.io-57078", + "more_info_path": "/vulnerabilities/CVE-2023-25676/57078", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Intel-tensorflow-avx512 2.11.1 and 2.12.0 include a fix for CVE-2023-25667: Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when '2^31 <= num_frames * height * width * channels < 2^32', for example Full HD screencast of at least 346 frames.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68", + "cve": "CVE-2023-25667", + "id": "pyup.io-57080", + "more_info_path": "/vulnerabilities/CVE-2023-25667/57080", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Intel-tensorflow-avx512 2.11.1 and 2.12.0 include a fix for CVE-2023-25674: Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579", + "cve": "CVE-2023-25674", + "id": "pyup.io-57081", + "more_info_path": "/vulnerabilities/CVE-2023-25674/57081", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Intel-tensorflow-avx512 2.11.1 and 2.12.0 include a fix for CVE-2023-25661: In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial 
of service attack. A proof of concept can be constructed with the 'Convolution3DTranspose' function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. An attacker must have privilege to provide input to a 'Convolution3DTranspose' call.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq", + "cve": "CVE-2023-25661", + "id": "pyup.io-57082", + "more_info_path": "/vulnerabilities/CVE-2023-25661/57082", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Intel-tensorflow-avx512 2.11.1 and 2.12.0 include a fix for CVE-2023-25675: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.Bincount' segfaults when given a parameter 'weights' that is neither the same shape as parameter 'arr' nor a length-0 tensor.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj", + "cve": "CVE-2023-25675", + "id": "pyup.io-57084", + "more_info_path": "/vulnerabilities/CVE-2023-25675/57084", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Intel-tensorflow-avx512 2.11.1 and 2.12.0 include a fix for CVE-2023-25665: Prior to versions 2.12.0 and 2.11.1, when 'SparseSparseMaximum' is given invalid sparse tensors as inputs, it can give a null pointer error.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g", + "cve": "CVE-2023-25665", + "id": "pyup.io-57085", + "more_info_path": "/vulnerabilities/CVE-2023-25665/57085", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, + { + "advisory": "Intel-tensorflow-avx512 2.11.1 and 2.12.0 include a fix for CVE-2023-25669: Prior to 
versions 2.12.0 and 2.11.1, if the stride and window size are not positive for 'tf.raw_ops.AvgPoolGrad', it can give a floating point exception.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p", + "cve": "CVE-2023-25669", + "id": "pyup.io-57089", + "more_info_path": "/vulnerabilities/CVE-2023-25669/57089", + "specs": [ + "<2.11.1", + ">=2.12.0rc0,<2.12.0" + ], + "v": "<2.11.1,>=2.12.0rc0,<2.12.0" + }, { "advisory": "Intel-tensorflow-avx512 2.11.1 and 2.12.0 include a fix for CVE-2023-25673: Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.", "cve": "CVE-2023-25673", @@ -51756,17 +52724,6 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, - { - "advisory": "Intel-tensorflow-avx512 2.11.1 and 2.12.0 include a fix for CVE-2023-25676: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.ParallelConcat' segfaults with a nullptr dereference when given a parameter 'shape' with rank that is not greater than zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq", - "cve": "CVE-2023-25676", - "id": "pyup.io-57078", - "more_info_path": "/vulnerabilities/CVE-2023-25676/57078", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, { "advisory": "Intel-tensorflow-avx512 2.11.1 and 2.12.0 include a fix for CVE-2023-25666: Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2", "cve": "CVE-2023-25666", 
@@ -51778,39 +52735,6 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, - { - "advisory": "Intel-tensorflow-avx512 2.11.1 and 2.12.0 include a fix for CVE-2023-25667: Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when '2^31 <= num_frames * height * width * channels < 2^32', for example Full HD screencast of at least 346 frames.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68", - "cve": "CVE-2023-25667", - "id": "pyup.io-57080", - "more_info_path": "/vulnerabilities/CVE-2023-25667/57080", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, - { - "advisory": "Intel-tensorflow-avx512 2.11.1 and 2.12.0 include a fix for CVE-2023-25674: Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579", - "cve": "CVE-2023-25674", - "id": "pyup.io-57081", - "more_info_path": "/vulnerabilities/CVE-2023-25674/57081", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, - { - "advisory": "Intel-tensorflow-avx512 2.11.1 and 2.12.0 include a fix for CVE-2023-25661: In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the 'Convolution3DTranspose' function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. 
An attacker must have privilege to provide input to a 'Convolution3DTranspose' call.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq", - "cve": "CVE-2023-25661", - "id": "pyup.io-57082", - "more_info_path": "/vulnerabilities/CVE-2023-25661/57082", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, { "advisory": "Intel-tensorflow-avx512 2.11.1 and 2.12.0 include a fix for CVE-2023-25801: Prior to versions 2.12.0 and 2.11.1, 'nn_ops.fractional_avg_pool_v2' and 'nn_ops.fractional_max_pool_v2' require the first and fourth elements of their parameter 'pooling_ratio' to be equal to 1.0, as pooling on batch and channel dimensions is not supported.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q", "cve": "CVE-2023-25801", 
@@ -51822,28 +52746,6 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, - { - "advisory": "Intel-tensorflow-avx512 2.11.1 and 2.12.0 include a fix for CVE-2023-25675: When running versions prior to 2.12.0 and 2.11.1 with XLA, 'tf.raw_ops.Bincount' segfaults when given a parameter 'weights' that is neither the same shape as parameter 'arr' nor a length-0 tensor.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj", - "cve": "CVE-2023-25675", - "id": "pyup.io-57084", - "more_info_path": "/vulnerabilities/CVE-2023-25675/57084", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, - { - "advisory": "Intel-tensorflow-avx512 2.11.1 and 2.12.0 include a fix for CVE-2023-25665: Prior to versions 2.12.0 and 2.11.1, when 'SparseSparseMaximum' is given invalid sparse tensors as inputs, it can give a null pointer error.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g", - "cve": "CVE-2023-25665", - "id": "pyup.io-57085", - "more_info_path": "/vulnerabilities/CVE-2023-25665/57085", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, { "advisory": "Intel-tensorflow-avx512 2.11.1 and 2.12.0 include a fix for CVE-2023-27579: Constructing a tflite model with a paramater 'filter_input_channel' of less than 1 gives a FPE.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8", "cve": "CVE-2023-27579", 
@@ -51877,17 +52779,6 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, - { - "advisory": "Intel-tensorflow-avx512 2.11.1 and 2.12.0 include a fix for CVE-2023-25669: Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for 'tf.raw_ops.AvgPoolGrad', it can give a floating point exception.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p", - "cve": "CVE-2023-25669", - "id": "pyup.io-57089", - "more_info_path": "/vulnerabilities/CVE-2023-25669/57089", - "specs": [ - "<2.11.1", - ">=2.12.0rc0,<2.12.0" - ], - "v": "<2.11.1,>=2.12.0rc0,<2.12.0" - }, { "advisory": "Intel-tensorflow-avx512 2.11.1 and 2.12.0 include a fix for CVE-2023-25668: Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96", "cve": "CVE-2023-25668", 
@@ -51965,16 +52856,6 @@ ], "v": "<2.11.1,>=2.12.0rc0,<2.12.0" }, - { - "advisory": "Intel-tensorflow-avx512 2.4.0 includes a fix for CVE-2020-15265: In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and then uses it to access the corresponding element of an array. Since in normal builds, `DCHECK`-like macros are no-ops, this results in segfault and access out of bounds of the array. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.", - "cve": "CVE-2020-15265", - "id": "pyup.io-57495", - "more_info_path": "/vulnerabilities/CVE-2020-15265/57495", - "specs": [ - "<2.4.0" - ], - "v": "<2.4.0" - }, { "advisory": "Intel-tensorflow-avx512 2.4.0 includes a fix for CVE-2020-15266: In Tensorflow before version 2.4.0, when the 'boxes' argument of 'tf.image.crop_and_resize' has a very large value, the CPU kernel implementation receives it as a C++ 'nan' floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault.\nhttps://github.com/tensorflow/tensorflow/issues/42129\nhttps://github.com/tensorflow/tensorflow/pull/42143/commits/3ade2efec2e90c6237de32a19680caaa3ebc2845\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xwhf-g6j5-j5gc", "cve": "CVE-2020-15266", 
@@ -52005,6 +52886,16 @@ ], "v": "<2.4.0" }, + { + "advisory": "Intel-tensorflow-avx512 2.4.0 includes a fix for CVE-2020-15265: In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and then uses it to access the corresponding element of an array. Since in normal builds, `DCHECK`-like macros are no-ops, this results in segfault and access out of bounds of the array. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.", + "cve": "CVE-2020-15265", + "id": "pyup.io-57495", + "more_info_path": "/vulnerabilities/CVE-2020-15265/57495", + "specs": [ + "<2.4.0" + ], + "v": "<2.4.0" + }, { "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41210: In affected versions, the shape inference functions for 'SparseCountSparseOutput' can trigger a read outside of bounds of heap allocated array. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m342-ff57-4jcc\nhttps://github.com/tensorflow/tensorflow/commit/701cfaca222a82afbeeb17496bd718baa65a67d2", "cve": "CVE-2021-41210", 
@@ -52041,18 +52932,6 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, - { - "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22925.", - "cve": "CVE-2021-22925", - "id": "pyup.io-57275", - "more_info_path": "/vulnerabilities/CVE-2021-22925/57275", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, { "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41227: In affected versions, the 'ImmutableConst' operation in TensorFlow can be tricked into reading arbitrary memory contents. This is because the 'tstring' TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype. The fix is also included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8c8-67vp-6mx7\nhttps://github.com/tensorflow/tensorflow/commit/1cb6bb6c2a6019417c9adaf9e6843ba75ee2580b\nhttps://github.com/tensorflow/tensorflow/commit/3712a2d3455e6ccb924daa5724a3652a86f6b585", "cve": "CVE-2021-41227", 
@@ -52065,18 +52944,6 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, - { - "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41218: In affected versions, the shape inference code for 'AllToAll' can be made to execute a division by 0. This occurs whenever the 'split_count' argument is 0. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9crf-c6qr-r273\nhttps://github.com/tensorflow/tensorflow/commit/a8ad3e5e79c75f36edb81e0ba3f3c0c5442aeddc", - "cve": "CVE-2021-41218", - "id": "pyup.io-57278", - "more_info_path": "/vulnerabilities/CVE-2021-41218/57278", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, { "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41196: In affected versions, the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window are not checked to be strictly positive. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m539-j985-hcr8", "cve": "CVE-2021-41196", 
@@ -52089,18 +52956,6 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, - { - "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41201: In affected versions, during execution, 'EinsumHelper::ParseEquation()' is supposed to set the flags in 'input_has_ellipsis' vector and '*output_has_ellipsis' boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to 'true' and never assigns 'false'. This results in unitialized variable access if callers assume that 'EinsumHelper::ParseEquation()' always sets these flags. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm\nhttps://github.com/tensorflow/tensorflow/commit/f09caa532b6e1ac8d2aa61b7832c78c5b79300c6", - "cve": "CVE-2021-41201", - "id": "pyup.io-57280", - "more_info_path": "/vulnerabilities/CVE-2021-41201/57280", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, { "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41209: In affected versions, the implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hpv-v2rx-c5g6\nhttps://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235", "cve": "CVE-2021-41209", 
@@ -52162,10 +53017,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41223: In affected versions, the implementation of 'FusedBatchNorm' kernels is vulnerable to a heap OOB access. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f54p-f6jp-4rhr\nhttps://github.com/tensorflow/tensorflow/commit/aab9998916c2ffbd8f0592059fad352622f89cda", - "cve": "CVE-2021-41223", - "id": "pyup.io-57286", - "more_info_path": "/vulnerabilities/CVE-2021-41223/57286", + "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22925.", + "cve": "CVE-2021-22925", + "id": "pyup.io-57275", + "more_info_path": "/vulnerabilities/CVE-2021-22925/57275", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -52174,10 +53029,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41224: In affected versions, the implementation of 'SparseFillEmptyRows' can be made to trigger a heap OOB access. This occurs whenever the size of 'indices' does not match the size of 'values'. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rg3m-hqc5-344v\nhttps://github.com/tensorflow/tensorflow/commit/67bfd9feeecfb3c61d80f0e46d89c170fbee682b", - "cve": "CVE-2021-41224", - "id": "pyup.io-57287", - "more_info_path": "/vulnerabilities/CVE-2021-41224/57287", + "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41218: In affected versions, the shape inference code for 'AllToAll' can be made to execute a division by 0. This occurs whenever the 'split_count' argument is 0. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9crf-c6qr-r273\nhttps://github.com/tensorflow/tensorflow/commit/a8ad3e5e79c75f36edb81e0ba3f3c0c5442aeddc", + "cve": "CVE-2021-41218", + "id": "pyup.io-57278", + "more_info_path": "/vulnerabilities/CVE-2021-41218/57278", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -52186,10 +53041,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41217: In affected versions, the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in the pairing (e.g., an 'Enter' node) always exists when encountering the second node (e.g., an 'Exit' node). When this is not the case, 'parent' is 'nullptr' so dereferencing it causes a crash. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5crj-c72x-m7gq\nhttps://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff", - "cve": "CVE-2021-41217", - "id": "pyup.io-57288", - "more_info_path": "/vulnerabilities/CVE-2021-41217/57288", + "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41201: In affected versions, during execution, 'EinsumHelper::ParseEquation()' is supposed to set the flags in 'input_has_ellipsis' vector and '*output_has_ellipsis' boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to 'true' and never assigns 'false'. This results in unitialized variable access if callers assume that 'EinsumHelper::ParseEquation()' always sets these flags. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j86v-p27c-73fm\nhttps://github.com/tensorflow/tensorflow/commit/f09caa532b6e1ac8d2aa61b7832c78c5b79300c6", + "cve": "CVE-2021-41201", + "id": "pyup.io-57280", + "more_info_path": "/vulnerabilities/CVE-2021-41201/57280", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -52198,10 +53053,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41205: In affected versions, the shape inference functions for the 'QuantizeAndDequantizeV*' operations can trigger a read outside of bounds of heap allocated array. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rx-x2rw-pc6f\nhttps://github.com/tensorflow/tensorflow/commit/7cf73a2274732c9d82af51c2bc2cf90d13cd7e6d", - "cve": "CVE-2021-41205", - "id": "pyup.io-57289", - "more_info_path": "/vulnerabilities/CVE-2021-41205/57289", + "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41223: In affected versions, the implementation of 'FusedBatchNorm' kernels is vulnerable to a heap OOB access. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f54p-f6jp-4rhr\nhttps://github.com/tensorflow/tensorflow/commit/aab9998916c2ffbd8f0592059fad352622f89cda", + "cve": "CVE-2021-41223", + "id": "pyup.io-57286", + "more_info_path": "/vulnerabilities/CVE-2021-41223/57286", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -52210,10 +53065,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41214: In affected versions, the shape inference code for 'tf.ragged.cross' has an undefined behavior due to binding a reference to 'nullptr'. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v\nhttps://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8", - "cve": "CVE-2021-41214", - "id": "pyup.io-57290", - "more_info_path": "/vulnerabilities/CVE-2021-41214/57290", + "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41224: In affected versions, the implementation of 'SparseFillEmptyRows' can be made to trigger a heap OOB access. This occurs whenever the size of 'indices' does not match the size of 'values'. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rg3m-hqc5-344v\nhttps://github.com/tensorflow/tensorflow/commit/67bfd9feeecfb3c61d80f0e46d89c170fbee682b", + "cve": "CVE-2021-41224", + "id": "pyup.io-57287", + "more_info_path": "/vulnerabilities/CVE-2021-41224/57287", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -52222,10 +53077,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41219: In affected versions, the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to 'nullptr'. This occurs whenever the dimensions of 'a' or 'b' are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation is successful) but nothing should be written to it (that is, it should return early from the kernel implementation). Otherwise, attempts to write to this empty tensor would result in heap OOB access. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x\nhttps://github.com/tensorflow/tensorflow/commit/e6cf28c72ba2eb949ca950d834dd6d66bb01cfae", - "cve": "CVE-2021-41219", - "id": "pyup.io-57291", - "more_info_path": "/vulnerabilities/CVE-2021-41219/57291", + "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41205: In affected versions, the shape inference functions for the 'QuantizeAndDequantizeV*' operations can trigger a read outside of bounds of heap allocated array. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rx-x2rw-pc6f\nhttps://github.com/tensorflow/tensorflow/commit/7cf73a2274732c9d82af51c2bc2cf90d13cd7e6d", + "cve": "CVE-2021-41205", + "id": "pyup.io-57289", + "more_info_path": "/vulnerabilities/CVE-2021-41205/57289", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -52234,10 +53089,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22924.", - "cve": "CVE-2021-22924", - "id": "pyup.io-57292", - "more_info_path": "/vulnerabilities/CVE-2021-22924/57292", + "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41214: In affected versions, the shape inference code for 'tf.ragged.cross' has an undefined behavior due to binding a reference to 'nullptr'. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vwhq-49r4-gj9v\nhttps://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8", + "cve": "CVE-2021-41214", + "id": "pyup.io-57290", + "more_info_path": "/vulnerabilities/CVE-2021-41214/57290", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", @@ -52246,10 +53101,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22923.", - "cve": "CVE-2021-22923", - "id": "pyup.io-57293", - "more_info_path": "/vulnerabilities/CVE-2021-22923/57293", + "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22924.", + "cve": "CVE-2021-22924", + "id": "pyup.io-57292", + "more_info_path": "/vulnerabilities/CVE-2021-22924/57292", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -52258,10 +53113,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41216: In affected versions, the shape inference function for 'Transpose' is vulnerable to a heap buffer overflow. This occurs whenever 'perm' contains negative elements. The shape inference function does not validate that the indices in 'perm' are all valid. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3ff2-r28g-w7h9\nhttps://github.com/tensorflow/tensorflow/commit/c79ba87153ee343401dbe9d1954d7f79e521eb14", - "cve": "CVE-2021-41216", - "id": "pyup.io-57294", - "more_info_path": "/vulnerabilities/CVE-2021-41216/57294", + "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 update its dependency 'curl' to v7.78.0 to handle CVE-2021-22923.", + "cve": "CVE-2021-22923", + "id": "pyup.io-57293", + "more_info_path": "/vulnerabilities/CVE-2021-22923/57293", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -52281,18 +53136,6 @@ ], "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, - { - "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41202: In affected versions, while calculating the size of the output within the 'tf.range' kernel, there is a conditional statement of type 'int64 = condition ? int64 : double'. Due to C++ implicit conversion rules, both branches of the condition will be cast to 'double' and the result would be truncated before the assignment. This result in overflows. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx", - "cve": "CVE-2021-41202", - "id": "pyup.io-57296", - "more_info_path": "/vulnerabilities/CVE-2021-41202/57296", - "specs": [ - "<2.4.4", - ">=2.5.0rc0,<2.5.2", - ">=2.6.0rc0,<2.6.1" - ], - "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" - }, { "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41204: In affected versions, during TensorFlow's Grappler optimizer phase, constant folding might attempt to deep copy a resource tensor. This results in a segfault, as these tensors are supposed to not change. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-786j-5qwq-r36x\nhttps://github.com/tensorflow/tensorflow/commit/7731e8dfbe4a56773be5dc94d631611211156659", "cve": "CVE-2021-41204", 
@@ -52342,10 +53185,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41213: In affected versions, the code behind 'tf.function' API can be made to deadlock when two 'tf.function' decorated Python functions are mutually recursive. This occurs due to using a non-reentrant 'Lock' Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive 'tf.function', although this is not a frequent scenario.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h67m-xg8f-fxcf\nhttps://github.com/tensorflow/tensorflow/commit/afac8158d43691661ad083f6dd9e56f327c1dcb7", - "cve": "CVE-2021-41213", - "id": "pyup.io-57301", - "more_info_path": "/vulnerabilities/CVE-2021-41213/57301", + "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41222: In affected versions, the implementation of 'SplitV' can trigger a segfault if an attacker supplies negative arguments. This occurs whenever 'size_splits' contains more than one value and at least one value is negative. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cpf4-wx82-gxp6\nhttps://github.com/tensorflow/tensorflow/commit/25d622ffc432acc736b14ca3904177579e733cc6", + "cve": "CVE-2021-41222", + "id": "pyup.io-57302", + "more_info_path": "/vulnerabilities/CVE-2021-41222/57302", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -52354,10 +53197,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41222: In affected versions, the implementation of 'SplitV' can trigger a segfault if an attacker supplies negative arguments. This occurs whenever 'size_splits' contains more than one value and at least one value is negative. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cpf4-wx82-gxp6\nhttps://github.com/tensorflow/tensorflow/commit/25d622ffc432acc736b14ca3904177579e733cc6", - "cve": "CVE-2021-41222", - "id": "pyup.io-57302", - "more_info_path": "/vulnerabilities/CVE-2021-41222/57302", + "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41212: In affected versions, the shape inference code for 'tf.ragged.cross' can trigger a read outside of bounds of heap allocated array. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fr77-rrx3-cp7g\nhttps://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8", + "cve": "CVE-2021-41212", + "id": "pyup.io-57305", + "more_info_path": "/vulnerabilities/CVE-2021-41212/57305", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -52366,10 +53209,10 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41221: In affected versions, the shape inference code for the 'Cudnn*' operations can be tricked into accessing invalid memory via a heap buffer overflow. This occurs because the ranks of the 'input', 'input_h' and 'input_c' parameters are not validated, but code assumes they have certain values. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqv6-3phm-hcwx\nhttps://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6", - "cve": "CVE-2021-41221", - "id": "pyup.io-57304", - "more_info_path": "/vulnerabilities/CVE-2021-41221/57304", + "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41217: In affected versions, the process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not. This occurs because the code assumes that the first node in the pairing (e.g., an 'Enter' node) always exists when encountering the second node (e.g., an 'Exit' node). When this is not the case, 'parent' is 'nullptr' so dereferencing it causes a crash. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5crj-c72x-m7gq\nhttps://github.com/tensorflow/tensorflow/commit/05cbebd3c6bb8f517a158b0155debb8df79017ff", + "cve": "CVE-2021-41217", + "id": "pyup.io-57288", + "more_info_path": "/vulnerabilities/CVE-2021-41217/57288", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -52378,10 +53221,58 @@ "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41212: In affected versions, the shape inference code for 'tf.ragged.cross' can trigger a read outside of bounds of heap allocated array. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fr77-rrx3-cp7g\nhttps://github.com/tensorflow/tensorflow/commit/fa6b7782fbb14aa08d767bc799c531f5e1fb3bb8", - "cve": "CVE-2021-41212", - "id": "pyup.io-57305", - "more_info_path": "/vulnerabilities/CVE-2021-41212/57305", + "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41219: In affected versions, the code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to 'nullptr'. This occurs whenever the dimensions of 'a' or 'b' are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation is successful) but nothing should be written to it (that is, it should return early from the kernel implementation). Otherwise, attempts to write to this empty tensor would result in heap OOB access. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4f99-p9c2-3j8x\nhttps://github.com/tensorflow/tensorflow/commit/e6cf28c72ba2eb949ca950d834dd6d66bb01cfae", + "cve": "CVE-2021-41219", + "id": "pyup.io-57291", + "more_info_path": "/vulnerabilities/CVE-2021-41219/57291", + "specs": [ + "<2.4.4", + ">=2.5.0rc0,<2.5.2", + ">=2.6.0rc0,<2.6.1" + ], + "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" + }, + { + "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41216: In affected versions, the shape inference function for 'Transpose' is vulnerable to a heap buffer overflow. 
This occurs whenever 'perm' contains negative elements. The shape inference function does not validate that the indices in 'perm' are all valid. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3ff2-r28g-w7h9\nhttps://github.com/tensorflow/tensorflow/commit/c79ba87153ee343401dbe9d1954d7f79e521eb14", + "cve": "CVE-2021-41216", + "id": "pyup.io-57294", + "more_info_path": "/vulnerabilities/CVE-2021-41216/57294", + "specs": [ + "<2.4.4", + ">=2.5.0rc0,<2.5.2", + ">=2.6.0rc0,<2.6.1" + ], + "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" + }, + { + "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41202: In affected versions, while calculating the size of the output within the 'tf.range' kernel, there is a conditional statement of type 'int64 = condition ? int64 : double'. Due to C++ implicit conversion rules, both branches of the condition will be cast to 'double' and the result would be truncated before the assignment. This result in overflows. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrqm-fpgr-6hhx", + "cve": "CVE-2021-41202", + "id": "pyup.io-57296", + "more_info_path": "/vulnerabilities/CVE-2021-41202/57296", + "specs": [ + "<2.4.4", + ">=2.5.0rc0,<2.5.2", + ">=2.6.0rc0,<2.6.1" + ], + "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" + }, + { + "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41213: In affected versions, the code behind 'tf.function' API can be made to deadlock when two 'tf.function' decorated Python functions are mutually recursive. This occurs due to using a non-reentrant 'Lock' Python object. Loading any model which contains mutually recursive functions is vulnerable. 
An attacker can cause denial of service by causing users to load such models and calling a recursive 'tf.function', although this is not a frequent scenario.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h67m-xg8f-fxcf\nhttps://github.com/tensorflow/tensorflow/commit/afac8158d43691661ad083f6dd9e56f327c1dcb7", + "cve": "CVE-2021-41213", + "id": "pyup.io-57301", + "more_info_path": "/vulnerabilities/CVE-2021-41213/57301", + "specs": [ + "<2.4.4", + ">=2.5.0rc0,<2.5.2", + ">=2.6.0rc0,<2.6.1" + ], + "v": "<2.4.4,>=2.5.0rc0,<2.5.2,>=2.6.0rc0,<2.6.1" + }, + { + "advisory": "Intel-tensorflow-avx512 versions 2.4.4, 2.5.2 and 2.6.1 include a fix for CVE-2021-41221: In affected versions, the shape inference code for the 'Cudnn*' operations can be tricked into accessing invalid memory via a heap buffer overflow. This occurs because the ranks of the 'input', 'input_h' and 'input_c' parameters are not validated, but code assumes they have certain values. The fix is included in TensorFlow 2.7.0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqv6-3phm-hcwx\nhttps://github.com/tensorflow/tensorflow/commit/af5fcebb37c8b5d71c237f4e59c6477015c78ce6", + "cve": "CVE-2021-41221", + "id": "pyup.io-57304", + "more_info_path": "/vulnerabilities/CVE-2021-41221/57304", "specs": [ "<2.4.4", ">=2.5.0rc0,<2.5.2", 
@@ -52464,32 +53355,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23563: In multiple places, TensorFlow uses 'tempfile.mktemp' to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in 'mktemp' and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the 'mktemp' function usage. It was replaced 'mktemp' with the safer 'mkstemp'/'mkdtemp' functions, according to the usage pattern.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wc4g-r73w-x8mm", - "cve": "CVE-2022-23563", - "id": "pyup.io-57225", - "more_info_path": "/vulnerabilities/CVE-2022-23563/57225", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, - { - "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21730: The implementation of 'FractionalAvgPoolGrad' does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4", - "cve": "CVE-2022-21730", - "id": "pyup.io-57226", - "more_info_path": "/vulnerabilities/CVE-2022-21730/57226", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21736: The implementation of 'SparseTensorSliceDataset' 
has an undefined behavior: under certain conditions, it can be made to dereference a 'nullptr' value. The 3 input arguments to 'SparseTensorSliceDataset' represent a sparse tensor. However, there are some preconditions that these arguments must satisfy, but these are not validated in the implementation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pfjj-m3jj-9jc9", "cve": "CVE-2022-21736", 
@@ -52581,45 +53446,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Intel-tensorflow-avx512 is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If `Tin` and `Tout` don't match the type of data in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23583", - "id": "pyup.io-57234", - "more_info_path": "/vulnerabilities/CVE-2022-23583/57234", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, - { - "advisory": "Intel-tensorflow-avx512 is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. 
We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23573", - "id": "pyup.io-57235", - "more_info_path": "/vulnerabilities/CVE-2022-23573/57235", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, - { - "advisory": "Intel-tensorflow-avx512 is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23578", - "id": "pyup.io-57236", - "more_info_path": "/vulnerabilities/CVE-2022-23578/57236", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Intel-tensorflow-avx512 is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the correposning `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. 
We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "cve": "CVE-2022-23589", @@ -52646,19 +53472,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21737: The implementation of '*Bincount' operations allows malicious users to cause denial of service by passing in arguments which would trigger a 'CHECK'-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. This results in 'CHECK' failures later when the output tensors get allocated.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2vv-v9cg-qhh7", - "cve": "CVE-2022-21737", - "id": "pyup.io-57239", - "more_info_path": "/vulnerabilities/CVE-2022-21737/57239", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Intel-tensorflow-avx512 is an Open Source Machine Learning Framework. There is a typo in TensorFlow's `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`. Hence it is possible to assign to `arg` from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", "cve": "CVE-2022-23574", 
@@ -52750,19 +53563,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21729: The implementation of 'UnravelIndex' is vulnerable to a division by zero caused by an integer overflow bug.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-34f9-hjfq-rr8j", - "cve": "CVE-2022-21729", - "id": "pyup.io-57247", - "more_info_path": "/vulnerabilities/CVE-2022-21729/57247", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Intel-tensorflow-avx512 is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", "cve": "CVE-2022-23586", 
@@ -52802,19 +53602,6 @@ ], "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, - { - "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23564: When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a 'CHECK' assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rcj-c8pj-v3m3", - "cve": "CVE-2022-23564", - "id": "pyup.io-57251", - "more_info_path": "/vulnerabilities/CVE-2022-23564/57251", - "specs": [ - "<2.5.3", - ">=2.6.0a0,<2.6.3", - ">=2.7.0a0,<2.7.1", - ">=2.8.0a0,<2.8.0" - ], - "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" - }, { "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21733: The implementation of 'StringNGrams' can be used to trigger a denial of service attack by causing an out of memory condition after an integer overflow. There is missing a validation on 'pad_witdh' and that result in computing a negative value for 'ngram_width' which is later used to allocate parts of the output.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-98j8-c9q4-r38g", "cve": "CVE-2022-21733", 
@@ -52868,10 +53655,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21735: The implementation of 'FractionalMaxPool' can be made to crash a TensorFlow process via a division by 0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj", - "cve": "CVE-2022-21735", - "id": "pyup.io-57256", - "more_info_path": "/vulnerabilities/CVE-2022-21735/57256", + "advisory": "Intel-tensorflow-avx512 is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23577", + "id": "pyup.io-57261", + "more_info_path": "/vulnerabilities/CVE-2022-23577/57261", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -52881,10 +53668,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23557: An attacker can craft a TFLite model that would trigger a division by zero in 'BiasAndClamp' implementation. There is no check that the 'bias_size' is non zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v", - "cve": "CVE-2022-23557", - "id": "pyup.io-57257", - "more_info_path": "/vulnerabilities/CVE-2022-23557/57257", + "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21740: The implementation of 'SparseCountSparseOutput' is vulnerable to a heap overflow.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r", + "cve": "CVE-2022-21740", + "id": "pyup.io-57264", + "more_info_path": "/vulnerabilities/CVE-2022-21740/57264", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -52894,10 +53681,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow-avx512 is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function however, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the `ValueOrDie` line. This results in an assertion failure as `ret` contains an error `Status`, not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23572", - "id": "pyup.io-57258", - "more_info_path": "/vulnerabilities/CVE-2022-23572/57258", + "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23582: A malicious user can cause a denial of service by altering a 'SavedModel' such that 'TensorByteSize' would trigger 'CHECK' failures. 'TensorShape' constructor throws a 'CHECK'-fail if shape is partial or has a number of elements that would overflow the size of an 'int'. The 'PartialTensorShape' constructor instead does not cause a 'CHECK'-abort if the shape is partial, which is exactly what this function needs to be able to return '-1'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v", + "cve": "CVE-2022-23582", + "id": "pyup.io-57271", + "more_info_path": "/vulnerabilities/CVE-2022-23582/57271", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -52907,10 +53694,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23565: An attacker can trigger denial of service via assertion failure by altering a 'SavedModel' on disk such that 'AttrDef's of some operation are duplicated.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4v5p-v5h9-6xjx", - "cve": "CVE-2022-23565", - "id": "pyup.io-57259", - "more_info_path": "/vulnerabilities/CVE-2022-23565/57259", + "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23561: An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq", + "cve": "CVE-2022-23561", + "id": "pyup.io-57273", + "more_info_path": "/vulnerabilities/CVE-2022-23561/57273", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -52920,10 +53707,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23580: During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7", - "cve": "CVE-2022-23580", - "id": "pyup.io-57260", - "more_info_path": "/vulnerabilities/CVE-2022-23580/57260", + "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21731: The implementation of shape inference for 'ConcatV2' can be used to trigger a denial of service attack via a segfault caused by a type confusion. The 'axis' argument is translated into 'concat_dim' in the 'ConcatShapeHelper' helper function. Then, a value for 'min_rank' is computed based on 'concat_dim'. This is then used to validate that the 'values' tensor has at least the required rank. However, 'WithRankAtLeast' receives the lower bound as a 64-bits value and then compares it against the maximum 32-bits integer value that could be represented. Due to the fact that 'min_rank' is a 32-bits value and the value of 'axis', the 'rank' argument is a negative value, so the error check is bypassed.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m4hf-j54p-p353", + "cve": "CVE-2022-21731", + "id": "pyup.io-57274", + "more_info_path": "/vulnerabilities/CVE-2022-21731/57274", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -52933,10 +53720,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow-avx512 is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", - "cve": "CVE-2022-23577", - "id": "pyup.io-57261", - "more_info_path": "/vulnerabilities/CVE-2022-23577/57261", + "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21730: The implementation of 'FractionalAvgPoolGrad' does not consider cases where the input tensors are invalid allowing an attacker to read from outside of bounds of heap.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vjg4-v33c-ggc4", + "cve": "CVE-2022-21730", + "id": "pyup.io-57226", + "more_info_path": "/vulnerabilities/CVE-2022-21730/57226", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -52946,10 +53733,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21732: The implementation of 'ThreadPoolHandle' can be used to trigger a denial of service attack by allocating too much memory. This is because the 'num_threads' argument is only checked to not be negative, but there is no upper bound on its value.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq", - "cve": "CVE-2022-21732", - "id": "pyup.io-57263", - "more_info_path": "/vulnerabilities/CVE-2022-21732/57263", + "advisory": "Intel-tensorflow-avx512 is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23573", + "id": "pyup.io-57235", + "more_info_path": "/vulnerabilities/CVE-2022-23573/57235", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -52959,10 +53746,101 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21740: The implementation of 'SparseCountSparseOutput' is vulnerable to a heap overflow.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r", - "cve": "CVE-2022-21740", - "id": "pyup.io-57264", - "more_info_path": "/vulnerabilities/CVE-2022-21740/57264", + "advisory": "Intel-tensorflow-avx512 is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23578", + "id": "pyup.io-57236", + "more_info_path": "/vulnerabilities/CVE-2022-23578/57236", + "specs": [ + "<2.5.3", + ">=2.6.0a0,<2.6.3", + ">=2.7.0a0,<2.7.1", + ">=2.8.0a0,<2.8.0" + ], + "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" + }, + { + "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21737: The implementation of '*Bincount' operations allows malicious users to cause denial of service by passing in arguments which would trigger a 'CHECK'-fail. There are several conditions that the input arguments must satisfy. Some are not caught during shape inference and others are not caught during kernel implementation. 
This results in 'CHECK' failures later when the output tensors get allocated.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2vv-v9cg-qhh7", + "cve": "CVE-2022-21737", + "id": "pyup.io-57239", + "more_info_path": "/vulnerabilities/CVE-2022-21737/57239", + "specs": [ + "<2.5.3", + ">=2.6.0a0,<2.6.3", + ">=2.7.0a0,<2.7.1", + ">=2.8.0a0,<2.8.0" + ], + "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" + }, + { + "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21729: The implementation of 'UnravelIndex' is vulnerable to a division by zero caused by an integer overflow bug.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-34f9-hjfq-rr8j", + "cve": "CVE-2022-21729", + "id": "pyup.io-57247", + "more_info_path": "/vulnerabilities/CVE-2022-21729/57247", + "specs": [ + "<2.5.3", + ">=2.6.0a0,<2.6.3", + ">=2.7.0a0,<2.7.1", + ">=2.8.0a0,<2.8.0" + ], + "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" + }, + { + "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23564: When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a 'CHECK' assertion is invalidated based on user controlled arguments. 
This allows attackers to cause denial of services in TensorFlow processes.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8rcj-c8pj-v3m3", + "cve": "CVE-2022-23564", + "id": "pyup.io-57251", + "more_info_path": "/vulnerabilities/CVE-2022-23564/57251", + "specs": [ + "<2.5.3", + ">=2.6.0a0,<2.6.3", + ">=2.7.0a0,<2.7.1", + ">=2.8.0a0,<2.8.0" + ], + "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" + }, + { + "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21735: The implementation of 'FractionalMaxPool' can be made to crash a TensorFlow process via a division by 0.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-87v6-crgm-2gfj", + "cve": "CVE-2022-21735", + "id": "pyup.io-57256", + "more_info_path": "/vulnerabilities/CVE-2022-21735/57256", + "specs": [ + "<2.5.3", + ">=2.6.0a0,<2.6.3", + ">=2.7.0a0,<2.7.1", + ">=2.8.0a0,<2.8.0" + ], + "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" + }, + { + "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23557: An attacker can craft a TFLite model that would trigger a division by zero in 'BiasAndClamp' implementation. 
There is no check that the 'bias_size' is non zero.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf2j-f278-xh4v", + "cve": "CVE-2022-23557", + "id": "pyup.io-57257", + "more_info_path": "/vulnerabilities/CVE-2022-23557/57257", + "specs": [ + "<2.5.3", + ">=2.6.0a0,<2.6.3", + ">=2.7.0a0,<2.7.1", + ">=2.8.0a0,<2.8.0" + ], + "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" + }, + { + "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23565: An attacker can trigger denial of service via assertion failure by altering a 'SavedModel' on disk such that 'AttrDef's of some operation are duplicated.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4v5p-v5h9-6xjx", + "cve": "CVE-2022-23565", + "id": "pyup.io-57259", + "more_info_path": "/vulnerabilities/CVE-2022-23565/57259", + "specs": [ + "<2.5.3", + ">=2.6.0a0,<2.6.3", + ">=2.7.0a0,<2.7.1", + ">=2.8.0a0,<2.8.0" + ], + "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" + }, + { + "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21732: The implementation of 'ThreadPoolHandle' can be used to trigger a denial of service attack by allocating too much memory. This is because the 'num_threads' argument is only checked to not be negative, but there is no upper bound on its value.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq", + "cve": "CVE-2022-21732", + "id": "pyup.io-57263", + "more_info_path": "/vulnerabilities/CVE-2022-21732/57263", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -53050,10 +53928,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23582: A malicious user can cause a denial of service by altering a 'SavedModel' such that 'TensorByteSize' would trigger 'CHECK' failures. 'TensorShape' constructor throws a 'CHECK'-fail if shape is partial or has a number of elements that would overflow the size of an 'int'. The 'PartialTensorShape' constructor instead does not cause a 'CHECK'-abort if the shape is partial, which is exactly what this function needs to be able to return '-1'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4j82-5ccr-4r8v", - "cve": "CVE-2022-23582", - "id": "pyup.io-57271", - "more_info_path": "/vulnerabilities/CVE-2022-23582/57271", + "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21726: The implementation of 'Dequantize' does not fully validate the value of 'axis' and can result in heap OOB accesses. The 'axis' argument can be '-1' (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72", + "cve": "CVE-2022-21726", + "id": "pyup.io-57272", + "more_info_path": "/vulnerabilities/CVE-2022-21726/57272", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -53063,10 +53941,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21726: The implementation of 'Dequantize' does not fully validate the value of 'axis' and can result in heap OOB accesses. The 'axis' argument can be '-1' (the default value for the optional argument) or any other positive value at most the number of dimensions of the input. Unfortunately, the upper bound is not checked and this results in reading past the end of the array containing the dimensions of the input tensor.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-23hm-7w47-xw72", - "cve": "CVE-2022-21726", - "id": "pyup.io-57272", - "more_info_path": "/vulnerabilities/CVE-2022-21726/57272", + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23580: During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7", + "cve": "CVE-2022-23580", + "id": "pyup.io-57260", + "more_info_path": "/vulnerabilities/CVE-2022-23580/57260", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -53076,10 +53954,10 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23561: An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c78-vcq7-7vxq", - "cve": "CVE-2022-23561", - "id": "pyup.io-57273", - "more_info_path": "/vulnerabilities/CVE-2022-23561/57273", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a 'SavedModel' such that any binary op would trigger 'CHECK' failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the 'dtype' no longer matches the 'dtype' expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If 'Tin' and 'Tout' don't match the type of data in 'out' and 'input_*' tensors then 'flat<*>' would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a 'CHECK' crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23583", + "id": "pyup.io-57234", + "more_info_path": "/vulnerabilities/CVE-2022-23583/57234", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -53089,10 +53967,23 @@ "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-21731: The implementation of shape inference for 'ConcatV2' can be used to trigger a denial of service attack via a segfault caused by a type confusion. The 'axis' argument is translated into 'concat_dim' in the 'ConcatShapeHelper' helper function. Then, a value for 'min_rank' is computed based on 'concat_dim'. This is then used to validate that the 'values' tensor has at least the required rank. However, 'WithRankAtLeast' receives the lower bound as a 64-bits value and then compares it against the maximum 32-bits integer value that could be represented. Due to the fact that 'min_rank' is a 32-bits value and the value of 'axis', the 'rank' argument is a negative value, so the error check is bypassed.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m4hf-j54p-p353", - "cve": "CVE-2022-21731", - "id": "pyup.io-57274", - "more_info_path": "/vulnerabilities/CVE-2022-21731/57274", + "advisory": "Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the 'DCHECK' function however, 'DCHECK' is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the 'ValueOrDie' line. This results in an assertion failure as 'ret' contains an error 'Status', not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. 
We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.", + "cve": "CVE-2022-23572", + "id": "pyup.io-57258", + "more_info_path": "/vulnerabilities/CVE-2022-23572/57258", + "specs": [ + "<2.5.3", + ">=2.6.0a0,<2.6.3", + ">=2.7.0a0,<2.7.1", + ">=2.8.0a0,<2.8.0" + ], + "v": "<2.5.3,>=2.6.0a0,<2.6.3,>=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" + }, + { + "advisory": "Tensorflow versions 2.5.3, 2.6.3, 2.7.1 and 2.8.0 include a fix for CVE-2022-23563: In multiple places, TensorFlow uses 'tempfile.mktemp' to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in 'mktemp' and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the 'mktemp' function usage. It was replaced 'mktemp' with the safer 'mkstemp'/'mkdtemp' functions, according to the usage pattern.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wc4g-r73w-x8mm", + "cve": "CVE-2022-23563", + "id": "pyup.io-57225", + "more_info_path": "/vulnerabilities/CVE-2022-23563/57225", "specs": [ "<2.5.3", ">=2.6.0a0,<2.6.3", 
@@ -53126,10 +54017,10 @@ "v": "<2.5.3,>=2.6.0rc0,<2.6.3,>=2.7.0rc0,<2.7.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27775.", - "cve": "CVE-2022-27775", - "id": "pyup.io-57181", - "more_info_path": "/vulnerabilities/CVE-2022-27775/57181", + "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29193: missing validation which causes 'TensorSummaryV2' to crash.", + "cve": "CVE-2022-29193", + "id": "pyup.io-57183", + "more_info_path": "/vulnerabilities/CVE-2022-29193/57183", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -53139,10 +54030,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29216: Code injection in 'saved_model_cli'.", - "cve": "CVE-2022-29216", - "id": "pyup.io-57182", - "more_info_path": "/vulnerabilities/CVE-2022-29216/57182", + "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27776.", + "cve": "CVE-2022-27776", + "id": "pyup.io-57184", + "more_info_path": "/vulnerabilities/CVE-2022-27776/57184", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -53152,10 +54043,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29193: missing validation which causes 'TensorSummaryV2' to crash.", - "cve": "CVE-2022-29193", - "id": "pyup.io-57183", - "more_info_path": "/vulnerabilities/CVE-2022-29193/57183", + "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29197: Missing validation which causes denial of service via 'UnsortedSegmentJoin'.", + "cve": "CVE-2022-29197", + "id": "pyup.io-57189", + "more_info_path": "/vulnerabilities/CVE-2022-29197/57189", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -53165,10 +54056,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27776.", - "cve": "CVE-2022-27776", - "id": "pyup.io-57184", - "more_info_path": "/vulnerabilities/CVE-2022-27776/57184", + "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29195: Missing validation which causes denial of service via 'StagePeek'.", + "cve": "CVE-2022-29195", + "id": "pyup.io-57191", + "more_info_path": "/vulnerabilities/CVE-2022-29195/57191", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -53178,10 +54069,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29200: Missing validation which causes denial of service via 'LSTMBlockCell'.", - "cve": "CVE-2022-29200", - "id": "pyup.io-57185", - "more_info_path": "/vulnerabilities/CVE-2022-29200/57185", + "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27778.", + "cve": "CVE-2022-27778", + "id": "pyup.io-57195", + "more_info_path": "/vulnerabilities/CVE-2022-27778/57195", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -53191,10 +54082,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29198: Missing validation which causes denial of service via 'SparseTensorToCSRSparseMatrix'.", - "cve": "CVE-2022-29198", - "id": "pyup.io-57186", - "more_info_path": "/vulnerabilities/CVE-2022-29198/57186", + "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29211: Segfault when 'tf.histogram_fixed_width' is called with NaN values.", + "cve": "CVE-2022-29211", + "id": "pyup.io-57205", + "more_info_path": "/vulnerabilities/CVE-2022-29211/57205", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -53204,10 +54095,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29196: Missing validation which causes denial of service via 'Conv3DBackpropFilterV2'.", - "cve": "CVE-2022-29196", - "id": "pyup.io-57187", - "more_info_path": "/vulnerabilities/CVE-2022-29196/57187", + "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29205: Segfault due to missing support for quantized types.", + "cve": "CVE-2022-29205", + "id": "pyup.io-57208", + "more_info_path": "/vulnerabilities/CVE-2022-29205/57208", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -53217,10 +54108,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29207: Issues arising from undefined behavior stemming from users supplying invalid resource handles.", - "cve": "CVE-2022-29207", - "id": "pyup.io-57188", - "more_info_path": "/vulnerabilities/CVE-2022-29207/57188", + "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27775.", + "cve": "CVE-2022-27775", + "id": "pyup.io-57181", + "more_info_path": "/vulnerabilities/CVE-2022-27775/57181", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -53230,10 +54121,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29197: Missing validation which causes denial of service via 'UnsortedSegmentJoin'.", - "cve": "CVE-2022-29197", - "id": "pyup.io-57189", - "more_info_path": "/vulnerabilities/CVE-2022-29197/57189", + "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29216: Code injection in 'saved_model_cli'.", + "cve": "CVE-2022-29216", + "id": "pyup.io-57182", + "more_info_path": "/vulnerabilities/CVE-2022-29216/57182", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", @@ -53243,10 +54134,10 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29208: Segfault and OOB write due to incomplete validation in 'EditDistance'.", - "cve": "CVE-2022-29208", - "id": "pyup.io-57190", - "more_info_path": "/vulnerabilities/CVE-2022-29208/57190", + "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29198: Missing validation which causes denial of service via 'SparseTensorToCSRSparseMatrix'.", + "cve": "CVE-2022-29198", + "id": "pyup.io-57186", + "more_info_path": "/vulnerabilities/CVE-2022-29198/57186", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -53256,10 +54147,23 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29195: Missing validation which causes denial of service via 'StagePeek'.", - "cve": "CVE-2022-29195", - "id": "pyup.io-57191", - "more_info_path": "/vulnerabilities/CVE-2022-29195/57191", + "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29207: Issues arising from undefined behavior stemming from users supplying invalid resource handles.", + "cve": "CVE-2022-29207", + "id": "pyup.io-57188", + "more_info_path": "/vulnerabilities/CVE-2022-29207/57188", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29208: Segfault and OOB write due to incomplete validation in 'EditDistance'.", + "cve": "CVE-2022-29208", + "id": "pyup.io-57190", + "more_info_path": "/vulnerabilities/CVE-2022-29208/57190", "specs": [ "<2.6.4", ">=2.7.0rc0,<2.7.2", 
@@ -53307,32 +54211,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27778.", - "cve": "CVE-2022-27778", - "id": "pyup.io-57195", - "more_info_path": "/vulnerabilities/CVE-2022-27778/57195", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, - { - "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27779.", - "cve": "CVE-2022-27779", - "id": "pyup.io-57196", - "more_info_path": "/vulnerabilities/CVE-2022-27779/57196", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27781.", "cve": "CVE-2022-27781", @@ -53386,7 +54264,7 @@ "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29202: Denial of service in 'tf.ragged.constant' due to lack of validation.", + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29202: Denial of service in 'tf.ragged.constant' due to lack of validation.", "cve": "CVE-2022-29202", "id": "pyup.io-57201", "more_info_path": "/vulnerabilities/CVE-2022-29202/57201", 
@@ -53398,19 +54276,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29201: Missing validation which results in undefined behavior in 'QuantizedConv2D'.", - "cve": "CVE-2022-29201", - "id": "pyup.io-57202", - "more_info_path": "/vulnerabilities/CVE-2022-29201/57202", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29206: Missing validation which results in undefined behavior in 'SparseTensorDenseAdd'.", "cve": "CVE-2022-29206", @@ -53437,19 +54302,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29211: Segfault when 'tf.histogram_fixed_width' is called with NaN values.", - "cve": "CVE-2022-29211", - "id": "pyup.io-57205", - "more_info_path": "/vulnerabilities/CVE-2022-29211/57205", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29192: missing validation which crashes 'QuantizeAndDequantizeV4Grad'.", "cve": "CVE-2022-29192", 
@@ -53476,19 +54328,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29205: Segfault due to missing support for quantized types.", - "cve": "CVE-2022-29205", - "id": "pyup.io-57208", - "more_info_path": "/vulnerabilities/CVE-2022-29205/57208", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29199: Missing validation which causes denial of service via 'LoadAndRemapMatrix'.", "cve": "CVE-2022-29199", @@ -53502,19 +54341,6 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, - { - "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29213: Crashes stemming from incomplete validation in signal ops.", - "cve": "CVE-2022-29213", - "id": "pyup.io-57210", - "more_info_path": "/vulnerabilities/CVE-2022-29213/57210", - "specs": [ - "<2.6.4", - ">=2.7.0rc0,<2.7.2", - ">=2.8.0rc0,<2.8.1", - ">=2.9.0rc0,<2.9.0" - ], - "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" - }, { "advisory": "Intel-tensorflow-avx512 versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-22576.", "cve": "CVE-2022-22576", 
@@ -53580,6 +54406,71 @@ ], "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" }, + { + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29213: Crashes stemming from incomplete validation in signal ops.", + "cve": "CVE-2022-29213", + "id": "pyup.io-57210", + "more_info_path": "/vulnerabilities/CVE-2022-29213/57210", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29201: Missing validation which results in undefined behavior in 'QuantizedConv2D'.", + "cve": "CVE-2022-29201", + "id": "pyup.io-57202", + "more_info_path": "/vulnerabilities/CVE-2022-29201/57202", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29200: Missing validation which causes denial of service via 'LSTMBlockCell'.", + "cve": "CVE-2022-29200", + "id": "pyup.io-57185", + "more_info_path": "/vulnerabilities/CVE-2022-29200/57185", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Tensorflow versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 include a fix for CVE-2022-29196: Missing validation which causes denial of service via 'Conv3DBackpropFilterV2'.", + "cve": "CVE-2022-29196", + "id": "pyup.io-57187", + "more_info_path": "/vulnerabilities/CVE-2022-29196/57187", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, + { + "advisory": "Intel-tensorflow-avx512 
versions 2.6.4, 2.7.2, 2.8.1 and 2.9.0 update 'curl' to v7.83.1 to handle CVE-2022-27779.", + "cve": "CVE-2022-27779", + "id": "pyup.io-57196", + "more_info_path": "/vulnerabilities/CVE-2022-27779/57196", + "specs": [ + "<2.6.4", + ">=2.7.0rc0,<2.7.2", + ">=2.8.0rc0,<2.8.1", + ">=2.9.0rc0,<2.9.0" + ], + "v": "<2.6.4,>=2.7.0rc0,<2.7.2,>=2.8.0rc0,<2.8.1,>=2.9.0rc0,<2.9.0" + }, { "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35937: OOB read in 'Gather_nd' op in TF Lite.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pxrw-j2fv-hx3h", "cve": "CVE-2022-35937", @@ -53593,10 +54484,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35939: OOB write in 'scatter_nd' op in TF Lite.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-ffjm-4qwc-7cmf", - "cve": "CVE-2022-35939", - "id": "pyup.io-57125", - "more_info_path": "/vulnerabilities/CVE-2022-35939/57125", + "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35960: 'CHECK' failure in 'TensorListReserve' via missing validation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4", + "cve": "CVE-2022-35960", + "id": "pyup.io-57127", + "more_info_path": "/vulnerabilities/CVE-2022-35960/57127", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -53605,10 +54496,10 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35952: 'CHECK' failures in 'UnbatchGradOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47", - "cve": "CVE-2022-35952", - "id": "pyup.io-57126", - "more_info_path": "/vulnerabilities/CVE-2022-35952/57126", + "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35934: 'CHECK' failure in tf.reshape via overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4w6-h4f5-wx45", + "cve": "CVE-2022-35934", + "id": "pyup.io-57134", + "more_info_path": "/vulnerabilities/CVE-2022-35934/57134", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -53617,10 +54508,178 @@ "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, { - "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35960: 'CHECK' failure in 'TensorListReserve' via missing validation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v5xg-3q2c-c2r4", - "cve": "CVE-2022-35960", - "id": "pyup.io-57127", - "more_info_path": "/vulnerabilities/CVE-2022-35960/57127", + "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35996: Floating point exception in 'Conv2D'. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37", + "cve": "CVE-2022-35996", + "id": "pyup.io-57139", + "more_info_path": "/vulnerabilities/CVE-2022-35996/57139", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35959: 'CHECK' failures in 'AvgPool3DGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq", + "cve": "CVE-2022-35959", + "id": "pyup.io-57141", + "more_info_path": "/vulnerabilities/CVE-2022-35959/57141", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36000: 'CHECK' fail in 'Eig'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqxc-pvf8-2w9v", + "cve": "CVE-2022-36000", + "id": "pyup.io-57147", + "more_info_path": "/vulnerabilities/CVE-2022-36000/57147", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35986: Segfault in 
'RaggedBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wr9v-g9vf-c74v", + "cve": "CVE-2022-35986", + "id": "pyup.io-57149", + "more_info_path": "/vulnerabilities/CVE-2022-35986/57149", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35973: Segfault in 'QuantizedMatMul'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v", + "cve": "CVE-2022-35973", + "id": "pyup.io-57151", + "more_info_path": "/vulnerabilities/CVE-2022-35973/57151", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36027: Segfault TFLite converter on per-channel quantized transposed convolutions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr", + "cve": "CVE-2022-36027", + "id": "pyup.io-57156", + "more_info_path": "/vulnerabilities/CVE-2022-36027/57156", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36014: Null-dereference in 'mlir::tfg::TFOp::nameAttr'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq", + "cve": "CVE-2022-36014", + "id": "pyup.io-57160", + "more_info_path": "/vulnerabilities/CVE-2022-36014/57160", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36016: 'CHECK'-fail in 
'tensorflow::full_type::SubstituteFromAttrs'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g468-qj8g-vcjc", + "cve": "CVE-2022-36016", + "id": "pyup.io-57162", + "more_info_path": "/vulnerabilities/CVE-2022-36016/57162", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35988: 'CHECK' fail in 'tf.linalg.matrix_rank'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c", + "cve": "CVE-2022-35988", + "id": "pyup.io-57163", + "more_info_path": "/vulnerabilities/CVE-2022-35988/57163", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35968: 'CHECK' fail in 'AvgPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25", + "cve": "CVE-2022-35968", + "id": "pyup.io-57167", + "more_info_path": "/vulnerabilities/CVE-2022-35968/57167", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35940: Int overflow in 'RaggedRangeOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x", + "cve": "CVE-2022-35940", + "id": "pyup.io-57170", + "more_info_path": "/vulnerabilities/CVE-2022-35940/57170", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36004: 'CHECK' fail in 'tf.random.gamma'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q", + "cve": 
"CVE-2022-36004", + "id": "pyup.io-57176", + "more_info_path": "/vulnerabilities/CVE-2022-36004/57176", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35989: 'CHECK' fail in 'MaxPool'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j43h-pgmg-5hjq", + "cve": "CVE-2022-35989", + "id": "pyup.io-57178", + "more_info_path": "/vulnerabilities/CVE-2022-35989/57178", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35939: OOB write in 'scatter_nd' op in TF Lite.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-ffjm-4qwc-7cmf", + "cve": "CVE-2022-35939", + "id": "pyup.io-57125", + "more_info_path": "/vulnerabilities/CVE-2022-35939/57125", + "specs": [ + "<2.7.4", + ">=2.8.0rc0,<2.8.3", + ">=2.9.0rc0,<2.9.2" + ], + "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" + }, + { + "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35952: 'CHECK' failures in 'UnbatchGradOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h5vq-gw2c-pq47", + "cve": "CVE-2022-35952", + "id": "pyup.io-57126", + "more_info_path": "/vulnerabilities/CVE-2022-35952/57126", "specs": [ "<2.7.4", ">=2.8.0rc0,<2.8.3", 
@@ -53700,18 +54759,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35934: 'CHECK' failure in tf.reshape via overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f4w6-h4f5-wx45", - "cve": "CVE-2022-35934", - "id": "pyup.io-57134", - "more_info_path": "/vulnerabilities/CVE-2022-35934/57134", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36002: 'CHECK' fail in 'Unbatch'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg", "cve": "CVE-2022-36002", @@ -53760,18 +54807,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35996: Floating point exception in 'Conv2D'. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37", - "cve": "CVE-2022-35996", - "id": "pyup.io-57139", - "more_info_path": "/vulnerabilities/CVE-2022-35996/57139", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35990: 'CHECK' fail in 'FakeQuantWithMinMaxVarsPerChannelGradient'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h7ff-cfc9-wmmh", "cve": "CVE-2022-35990", 
@@ -53784,18 +54819,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35959: 'CHECK' failures in 'AvgPool3DGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wxjj-cgcx-r3vq", - "cve": "CVE-2022-35959", - "id": "pyup.io-57141", - "more_info_path": "/vulnerabilities/CVE-2022-35959/57141", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35964: Segfault in 'BlockLSTMGradV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f7r5-q7cx-h668", "cve": "CVE-2022-35964", @@ -53856,18 +54879,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36000: 'CHECK' fail in 'Eig'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqxc-pvf8-2w9v", - "cve": "CVE-2022-36000", - "id": "pyup.io-57147", - "more_info_path": "/vulnerabilities/CVE-2022-36000/57147", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35992: 'CHECK' fail in 'TensorListFromTensor'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9v8w-xmr4-wgxp", "cve": "CVE-2022-35992", 
@@ -53880,18 +54891,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35986: Segfault in 'RaggedBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-wr9v-g9vf-c74v", - "cve": "CVE-2022-35986", - "id": "pyup.io-57149", - "more_info_path": "/vulnerabilities/CVE-2022-35986/57149", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35974: Segfault in 'QuantizeDownAndShrinkRange'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vgvh-2pf4-jr2x", "cve": "CVE-2022-35974", @@ -53904,18 +54903,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35973: Segfault in 'QuantizedMatMul'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-689c-r7h2-fv9v", - "cve": "CVE-2022-35973", - "id": "pyup.io-57151", - "more_info_path": "/vulnerabilities/CVE-2022-35973/57151", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35987: 'CHECK' fail in 'DenseBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-w62h-8xjm-fv49", "cve": "CVE-2022-35987", 
@@ -53964,18 +54951,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36027: Segfault TFLite converter on per-channel quantized transposed convolutions.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-79h2-q768-fpxr", - "cve": "CVE-2022-36027", - "id": "pyup.io-57156", - "more_info_path": "/vulnerabilities/CVE-2022-36027/57156", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35982: Segfault in 'SparseBincount'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-397c-5g2j-qxpv", "cve": "CVE-2022-35982", @@ -54012,18 +54987,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36014: Null-dereference in 'mlir::tfg::TFOp::nameAttr'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-7j3m-8g3c-9qqq", - "cve": "CVE-2022-36014", - "id": "pyup.io-57160", - "more_info_path": "/vulnerabilities/CVE-2022-36014/57160", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35941: 'CHECK' failure in 'AvgPoolOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mgmh-g2v6-mqw5", "cve": "CVE-2022-35941", 
@@ -54036,30 +54999,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36016: 'CHECK'-fail in 'tensorflow::full_type::SubstituteFromAttrs'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g468-qj8g-vcjc", - "cve": "CVE-2022-36016", - "id": "pyup.io-57162", - "more_info_path": "/vulnerabilities/CVE-2022-36016/57162", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, - { - "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35988: 'CHECK' fail in 'tf.linalg.matrix_rank'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9vqj-64pv-w55c", - "cve": "CVE-2022-35988", - "id": "pyup.io-57163", - "more_info_path": "/vulnerabilities/CVE-2022-35988/57163", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35965: Segfault in 'LowerBound' and 'UpperBound'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-qxpx-j395-pw36", "cve": "CVE-2022-35965", 
@@ -54096,18 +55035,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35968: 'CHECK' fail in 'AvgPoolGrad'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2475-53vw-vp25", - "cve": "CVE-2022-35968", - "id": "pyup.io-57167", - "more_info_path": "/vulnerabilities/CVE-2022-35968/57167", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35970: Segfault in 'QuantizedInstanceNorm'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g35r-369w-3fqp", "cve": "CVE-2022-35970", @@ -54132,18 +55059,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35940: Int overflow in 'RaggedRangeOp'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x989-q2pq-4q5x", - "cve": "CVE-2022-35940", - "id": "pyup.io-57170", - "more_info_path": "/vulnerabilities/CVE-2022-35940/57170", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36001: 'CHECK' fail in 'DrawBoundingBoxes'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5", "cve": "CVE-2022-36001", 
@@ -54204,18 +55119,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36004: 'CHECK' fail in 'tf.random.gamma'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q", - "cve": "CVE-2022-36004", - "id": "pyup.io-57176", - "more_info_path": "/vulnerabilities/CVE-2022-36004/57176", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36018: 'CHECK' fail in 'RaggedTensorToVariant'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-m6cv-4fmf-66xf", "cve": "CVE-2022-36018", @@ -54228,18 +55131,6 @@ ], "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" }, - { - "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-35989: 'CHECK' fail in 'MaxPool'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-j43h-pgmg-5hjq", - "cve": "CVE-2022-35989", - "id": "pyup.io-57178", - "more_info_path": "/vulnerabilities/CVE-2022-35989/57178", - "specs": [ - "<2.7.4", - ">=2.8.0rc0,<2.8.3", - ">=2.9.0rc0,<2.9.2" - ], - "v": "<2.7.4,>=2.8.0rc0,<2.8.3,>=2.9.0rc0,<2.9.2" - }, { "advisory": "Intel-tensorflow-avx512 2.7.4, 2.8.3 and 2.9.2 include a fix for CVE-2022-36005: 'CHECK' fail in 'FakeQuantWithMinMaxVarsGradient'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm", "cve": "CVE-2022-36005", 
@@ -54265,10 +55156,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41901: An input 'sparse_matrix' that is not a matrix with a shape with rank 0 will trigger a 'CHECK' fail in 'tf.raw_ops.SparseMatrixNNZ'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f", - "cve": "CVE-2022-41901", - "id": "pyup.io-57099", - "more_info_path": "/vulnerabilities/CVE-2022-41901/57099", + "advisory": "TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.", + "cve": "CVE-2022-41902", + "id": "pyup.io-57113", + "more_info_path": "/vulnerabilities/CVE-2022-41902/57113", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -54277,10 +55168,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41895: If 'MirrorPadGrad' is given outsize input 'paddings', TensorFlow will give a heap OOB error.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx", - "cve": "CVE-2022-41895", - "id": "pyup.io-57100", - "more_info_path": "/vulnerabilities/CVE-2022-41895/57100", + "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41911: When printing a tensor, we get it's data as a 'const char*' array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from 'char' to 'bool' are undefined if the 'char' is not '0' or '1', so sanitizers/fuzzers will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j", + "cve": "CVE-2022-41911", + "id": "pyup.io-57102", + "more_info_path": "/vulnerabilities/CVE-2022-41911/57102", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -54289,10 +55180,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41891: If 'tf.raw_ops.TensorListConcat' is given 'element_shape=[]', it results segmentation fault which can be used to trigger a denial of service attack.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv", - "cve": "CVE-2022-41891", - "id": "pyup.io-57101", - "more_info_path": "/vulnerabilities/CVE-2022-41891/57101", + "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41900: The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472", + "cve": "CVE-2022-41900", + "id": "pyup.io-57109", + "more_info_path": "/vulnerabilities/CVE-2022-41900/57109", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -54301,10 +55192,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41911: When printing a tensor, we get it's data as a 'const char*' array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from 'char' to 'bool' are undefined if the 'char' is not '0' or '1', so sanitizers/fuzzers will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pf36-r9c6-h97j", - "cve": "CVE-2022-41911", - "id": "pyup.io-57102", - "more_info_path": "/vulnerabilities/CVE-2022-41911/57102", + "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41890: If 'BCast::ToShape' is given input larger than an 'int32', it will crash, despite being supposed to handle up to an 'int64'. An example can be seen in 'tf.experimental.numpy.outer' by passing in large input to the input 'b'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475", + "cve": "CVE-2022-41890", + "id": "pyup.io-57110", + "more_info_path": "/vulnerabilities/CVE-2022-41890/57110", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -54313,10 +55204,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41889: If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a 'nullptr', which is not caught. An example can be seen in 'tf.compat.v1.extract_volume_patches' by passing in quantized tensors as input 'ksizes'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g", - "cve": "CVE-2022-41889", - "id": "pyup.io-57103", - "more_info_path": "/vulnerabilities/CVE-2022-41889/57103", + "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41897: If 'FractionMaxPoolGrad' is given outsize inputs 'row_pooling_sequence' and 'col_pooling_sequence', TensorFlow will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j", + "cve": "CVE-2022-41897", + "id": "pyup.io-57116", + "more_info_path": "/vulnerabilities/CVE-2022-41897/57116", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", @@ -54325,10 +55216,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41885: When 'tf.raw_ops.FusedResizeAndPadConv2D' is given a large tensor shape, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx", - "cve": "CVE-2022-41885", - "id": "pyup.io-57104", - "more_info_path": "/vulnerabilities/CVE-2022-41885/57104", + "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41886: When 'tf.raw_ops.ImageProjectiveTransformV2' is given a large output shape, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx", + "cve": "CVE-2022-41886", + "id": "pyup.io-57117", + "more_info_path": "/vulnerabilities/CVE-2022-41886/57117", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -54337,10 +55228,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41899: TensorFlow is an open source platform for machine learning. Inputs 'dense_features' or 'example_state_data' not of rank 2 will trigger a 'CHECK' fail in 'SdcaOptimizer'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2", - "cve": "CVE-2022-41899", - "id": "pyup.io-57105", - "more_info_path": "/vulnerabilities/CVE-2022-41899/57105", + "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41888: When running on GPU, 'tf.image.generate_bounding_box_proposals' receives a 'scores' input that must be of rank 4 but is not checked.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v", + "cve": "CVE-2022-41888", + "id": "pyup.io-57119", + "more_info_path": "/vulnerabilities/CVE-2022-41888/57119", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -54349,10 +55240,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41893: If 'tf.raw_ops.TensorListResize' is given a nonscalar value for input 'size', it results 'CHECK' fail which can be used to trigger a denial of service attack.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m", - "cve": "CVE-2022-41893", - "id": "pyup.io-57106", - "more_info_path": "/vulnerabilities/CVE-2022-41893/57106", + "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41894: The reference kernel of the 'CONV_3D_TRANSPOSE' TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of 'data_ptr += num_channels;' it should be 'data_ptr += output_num_channels;' as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6q3-vv32-2cq5", + "cve": "CVE-2022-41894", + "id": "pyup.io-57121", + "more_info_path": "/vulnerabilities/CVE-2022-41894/57121", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -54361,10 +55252,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41909: An input 'encoded' that is not a valid 'CompositeTensorVariant' tensor will trigger a segfault in 'tf.raw_ops.CompositeTensorVariantToComponents'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9", - "cve": "CVE-2022-41909", - "id": "pyup.io-57107", - "more_info_path": "/vulnerabilities/CVE-2022-41909/57107", + "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41895: If 'MirrorPadGrad' is given outsize input 'paddings', TensorFlow will give a heap OOB error.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-gq2j-cr96-gvqx", + "cve": "CVE-2022-41895", + "id": "pyup.io-57100", + "more_info_path": "/vulnerabilities/CVE-2022-41895/57100", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -54373,10 +55264,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41908: TensorFlow is an open source platform for machine learning. An input 'token' that is not a UTF-8 bytestring will trigger a 'CHECK' fail in 'tf.raw_ops.PyFunc'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3", - "cve": "CVE-2022-41908", - "id": "pyup.io-57108", - "more_info_path": "/vulnerabilities/CVE-2022-41908/57108", + "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41889: If a list of quantized tensors is assigned to an attribute, the pywrap code fails to parse the tensor and returns a 'nullptr', which is not caught. An example can be seen in 'tf.compat.v1.extract_volume_patches' by passing in quantized tensors as input 'ksizes'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xxcj-rhqg-m46g", + "cve": "CVE-2022-41889", + "id": "pyup.io-57103", + "more_info_path": "/vulnerabilities/CVE-2022-41889/57103", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -54385,10 +55276,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41900: The security vulnerability results in FractionalMax(AVG)Pool with illegal pooling_ratio. Attackers using Tensorflow can exploit the vulnerability. They can access heap memory which is not in the control of user, leading to a crash or remote code execution.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xvwp-h6jv-7472", - "cve": "CVE-2022-41900", - "id": "pyup.io-57109", - "more_info_path": "/vulnerabilities/CVE-2022-41900/57109", + "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41885: When 'tf.raw_ops.FusedResizeAndPadConv2D' is given a large tensor shape, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-762h-vpvw-3rcx", + "cve": "CVE-2022-41885", + "id": "pyup.io-57104", + "more_info_path": "/vulnerabilities/CVE-2022-41885/57104", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -54397,10 +55288,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41890: If 'BCast::ToShape' is given input larger than an 'int32', it will crash, despite being supposed to handle up to an 'int64'. An example can be seen in 'tf.experimental.numpy.outer' by passing in large input to the input 'b'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h246-cgh4-7475", - "cve": "CVE-2022-41890", - "id": "pyup.io-57110", - "more_info_path": "/vulnerabilities/CVE-2022-41890/57110", + "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41893: If 'tf.raw_ops.TensorListResize' is given a nonscalar value for input 'size', it results 'CHECK' fail which can be used to trigger a denial of service attack.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-67pf-62xr-q35m", + "cve": "CVE-2022-41893", + "id": "pyup.io-57106", + "more_info_path": "/vulnerabilities/CVE-2022-41893/57106", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -54409,10 +55300,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41880: When the 'BaseCandidateSamplerOp' function receives a value in 'true_classes' larger than 'range_max', a heap oob read occurs.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j", - "cve": "CVE-2022-41880", - "id": "pyup.io-57111", - "more_info_path": "/vulnerabilities/CVE-2022-41880/57111", + "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41908: TensorFlow is an open source platform for machine learning. An input 'token' that is not a UTF-8 bytestring will trigger a 'CHECK' fail in 'tf.raw_ops.PyFunc'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv77-9g28-cwg3", + "cve": "CVE-2022-41908", + "id": "pyup.io-57108", + "more_info_path": "/vulnerabilities/CVE-2022-41908/57108", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", @@ -54421,10 +55312,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41896: If 'ThreadUnsafeUnigramCandidateSampler' is given input 'filterbank_channel_count' greater than the allowed max size, TensorFlow will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35", - "cve": "CVE-2022-41896", - "id": "pyup.io-57114", - "more_info_path": "/vulnerabilities/CVE-2022-41896/57114", + "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41880: When the 'BaseCandidateSamplerOp' function receives a value in 'true_classes' larger than 'range_max', a heap oob read occurs.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8w5g-3wcv-9g2j", + "cve": "CVE-2022-41880", + "id": "pyup.io-57111", + "more_info_path": "/vulnerabilities/CVE-2022-41880/57111", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -54445,10 +55336,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41897: If 'FractionMaxPoolGrad' is given outsize inputs 'row_pooling_sequence' and 'col_pooling_sequence', TensorFlow will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-f2w8-jw48-fr7j", - "cve": "CVE-2022-41897", - "id": "pyup.io-57116", - "more_info_path": "/vulnerabilities/CVE-2022-41897/57116", + "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41910: The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv", + "cve": "CVE-2022-41910", + "id": "pyup.io-57118", + "more_info_path": "/vulnerabilities/CVE-2022-41910/57118", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", @@ -54457,10 +55348,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41886: When 'tf.raw_ops.ImageProjectiveTransformV2' is given a large output shape, it overflows.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-54pp-c6pp-7fpx", - "cve": "CVE-2022-41886", - "id": "pyup.io-57117", - "more_info_path": "/vulnerabilities/CVE-2022-41886/57117", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41898: If 'SparseFillEmptyRowsGrad' is given empty inputs, TensorFlow will crash.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h", + "cve": "CVE-2022-41898", + "id": "pyup.io-57120", + "more_info_path": "/vulnerabilities/CVE-2022-41898/57120", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -54469,10 +55360,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41910: The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-frqp-wp83-qggv", - "cve": "CVE-2022-41910", - "id": "pyup.io-57118", - "more_info_path": "/vulnerabilities/CVE-2022-41910/57118", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41896: If 'ThreadUnsafeUnigramCandidateSampler' is given input 'filterbank_channel_count' greater than the allowed max size, TensorFlow will crash.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rmg2-f698-wq35", + "cve": "CVE-2022-41896", + "id": "pyup.io-57114", + "more_info_path": "/vulnerabilities/CVE-2022-41896/57114", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -54481,10 +55372,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41888: When running on GPU, 'tf.image.generate_bounding_box_proposals' receives a 'scores' input that must be of rank 4 but is not checked.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-6x99-gv2v-q76v", - "cve": "CVE-2022-41888", - "id": "pyup.io-57119", - "more_info_path": "/vulnerabilities/CVE-2022-41888/57119", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41899: TensorFlow is an open source platform for machine learning. Inputs 'dense_features' or 'example_state_data' not of rank 2 will trigger a 'CHECK' fail in 'SdcaOptimizer'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-27rc-728f-x5w2", + "cve": "CVE-2022-41899", + "id": "pyup.io-57105", + "more_info_path": "/vulnerabilities/CVE-2022-41899/57105", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", @@ -54493,10 +55384,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41898: If 'SparseFillEmptyRowsGrad' is given empty inputs, TensorFlow will crash.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-hq7g-wwwp-q46h", - "cve": "CVE-2022-41898", - "id": "pyup.io-57120", - "more_info_path": "/vulnerabilities/CVE-2022-41898/57120", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41909: An input 'encoded' that is not a valid 'CompositeTensorVariant' tensor will trigger a segfault in 'tf.raw_ops.CompositeTensorVariantToComponents'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjx6-v474-2ch9", + "cve": "CVE-2022-41909", + "id": "pyup.io-57107", + "more_info_path": "/vulnerabilities/CVE-2022-41909/57107", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -54505,10 +55396,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41894: The reference kernel of the 'CONV_3D_TRANSPOSE' TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of 'data_ptr += num_channels;' it should be 'data_ptr += output_num_channels;' as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6q3-vv32-2cq5", - "cve": "CVE-2022-41894", - "id": "pyup.io-57121", - "more_info_path": "/vulnerabilities/CVE-2022-41894/57121", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41891: If 'tf.raw_ops.TensorListConcat' is given 'element_shape=[]', it results segmentation fault which can be used to trigger a denial of service attack.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-66vq-54fq-6jvv", + "cve": "CVE-2022-41891", + "id": "pyup.io-57101", + "more_info_path": "/vulnerabilities/CVE-2022-41891/57101", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -54517,10 +55408,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.", - "cve": "CVE-2022-41902", - "id": "pyup.io-57113", - "more_info_path": "/vulnerabilities/CVE-2022-41902/57113", + "advisory": "Tensorflow 2.8.4, 2.9.3 and 2.10.1 include a fix for CVE-2022-41901: An input 'sparse_matrix' that is not a matrix with a shape with rank 0 will trigger a 'CHECK' fail in 'tf.raw_ops.SparseMatrixNNZ'.\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g9fm-r5mm-rf9f", + "cve": "CVE-2022-41901", + "id": "pyup.io-57099", + "more_info_path": "/vulnerabilities/CVE-2022-41901/57099", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -54529,10 +55420,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3, 2.10.1 and 2.11.0 include a fix for CVE-2022-35935: 'CHECK' failure in 'SobolSample' via missing validation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-97p7-w86h-vcf9\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqvq-fvhr-v6hc", - "cve": "CVE-2022-35935", - "id": "pyup.io-57122", - "more_info_path": "/vulnerabilities/CVE-2022-35935/57122", + "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3, 2.10.1 and 2.11.0 include a fix for CVE-2022-35991: 'CHECK' fail in 'TensorListScatter' and 'TensorListScatterV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vm7x-4qhj-rrcq\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xf83-q765-xm6m", + "cve": "CVE-2022-35991", + "id": "pyup.io-57123", + "more_info_path": "/vulnerabilities/CVE-2022-35991/57123", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -54542,10 +55433,10 @@ "v": "<2.8.4,>=2.9.0rc0,<2.9.3,>=2.10.0rc0,<2.10.1,>=2.11.0rc0,<2.11.0" }, { - "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3, 2.10.1 and 2.11.0 include a fix for CVE-2022-35991: 'CHECK' fail in 'TensorListScatter' and 'TensorListScatterV2'.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-vm7x-4qhj-rrcq\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-xf83-q765-xm6m", - "cve": "CVE-2022-35991", - "id": "pyup.io-57123", - "more_info_path": "/vulnerabilities/CVE-2022-35991/57123", + "advisory": "Intel-tensorflow-avx512 2.8.4, 2.9.3, 2.10.1 and 2.11.0 include a fix for CVE-2022-35935: 'CHECK' failure in 'SobolSample' via missing validation.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-97p7-w86h-vcf9\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cqvq-fvhr-v6hc", + "cve": "CVE-2022-35935", + "id": "pyup.io-57122", + "more_info_path": "/vulnerabilities/CVE-2022-35935/57122", "specs": [ "<2.8.4", ">=2.9.0rc0,<2.9.3", 
@@ -54615,10 +55506,10 @@ "v": ">=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.2.1 and 2.3.1 includes a fix for CVE-2020-15213: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimension of the output tensor, attackers can use a very large value to trigger a large allocation. The issue was patched in commit 204945b19e44b57906c9344c0d00120eeeae178a. A potential workaround is to add a custom \"Verifier\" to limit the maximum value in the segment ids tensor. This only handles the case when the segment ids are stored statically in the model, but a similar validation could be done if the segment ids are generated at runtime, between inference steps. However, if the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-hjmq-236j-8m87", - "cve": "CVE-2020-15213", - "id": "pyup.io-57521", - "more_info_path": "/vulnerabilities/CVE-2020-15213/57521", + "advisory": "Intel-tensorflow-avx512 versions 2.2.1 and 2.3.1 includes a fix for CVE-2020-15214: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the dimension of output tensor. This results in allocating insufficient memory for the output tensor and in a write outside the bounds of the output array. This usually results in a segmentation fault, but depending on runtime conditions it can provide for a write gadget to be used in future memory corruption-based exploits. 
The issue was patched in commit 204945b19e44b57906c9344c0d00120eeeae178a. A potential workaround is to add a custom \"Verifier\" to the model loading code to ensure that the segment ids are sorted, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.", + "cve": "CVE-2020-15214", + "id": "pyup.io-57523", + "more_info_path": "/vulnerabilities/CVE-2020-15214/57523", "specs": [ ">=2.2.0rc0,<2.2.1", ">=2.3.0rc0,<2.3.1" 
@@ -54626,10 +55517,10 @@ "v": ">=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.2.1 and 2.3.1 includes a fix for CVE-2020-15212: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to \"segment_ids_data\" can alter \"output_index\" and then write to outside of \"output_data\" buffer. This might result in a segmentation fault but it can also be used to further corrupt the memory and can be chained with other vulnerabilities to create more advanced exploits. The issue was patched in commit 204945b19e44b57906c9344c0d00120eeeae178a. A potential workaround is to add a custom \"Verifier\" to the model loading code to ensure that the segment ids are all positive, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.", - "cve": "CVE-2020-15212", - "id": "pyup.io-57522", - "more_info_path": "/vulnerabilities/CVE-2020-15212/57522", + "advisory": "Intel-tensorflow-avx512 versions 2.2.1 and 2.3.1 include a fix for CVE-2020-15193: In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of \"dlpack.to_dlpack\" can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a \"reinterpret_cast\". Since the \"PyObject\" is a Python object, not a Tensorflow tensor, the cast to \"EagerTensor\" fails. 
The issue was patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjjg-hgv6-h69v", + "cve": "CVE-2020-15193", + "id": "pyup.io-57525", + "more_info_path": "/vulnerabilities/CVE-2020-15193/57525", "specs": [ ">=2.2.0rc0,<2.2.1", ">=2.3.0rc0,<2.3.1" 
@@ -54637,10 +55528,10 @@ "v": ">=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.2.1 and 2.3.1 includes a fix for CVE-2020-15214: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the dimension of output tensor. This results in allocating insufficient memory for the output tensor and in a write outside the bounds of the output array. This usually results in a segmentation fault, but depending on runtime conditions it can provide for a write gadget to be used in future memory corruption-based exploits. The issue was patched in commit 204945b19e44b57906c9344c0d00120eeeae178a. A potential workaround is to add a custom \"Verifier\" to the model loading code to ensure that the segment ids are sorted, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.", - "cve": "CVE-2020-15214", - "id": "pyup.io-57523", - "more_info_path": "/vulnerabilities/CVE-2020-15214/57523", + "advisory": "Intel-tensorflow-avx512 versions 2.2.1 and 2.3.1 includes a fix for CVE-2020-15213: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimension of the output tensor, attackers can use a very large value to trigger a large allocation. The issue was patched in commit 204945b19e44b57906c9344c0d00120eeeae178a. 
A potential workaround is to add a custom \"Verifier\" to limit the maximum value in the segment ids tensor. This only handles the case when the segment ids are stored statically in the model, but a similar validation could be done if the segment ids are generated at runtime, between inference steps. However, if the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-hjmq-236j-8m87", + "cve": "CVE-2020-15213", + "id": "pyup.io-57521", + "more_info_path": "/vulnerabilities/CVE-2020-15213/57521", "specs": [ ">=2.2.0rc0,<2.2.1", ">=2.3.0rc0,<2.3.1" 
@@ -54648,10 +55539,10 @@ "v": ">=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.2.1 and 2.3.1 include a fix for CVE-2020-15192: In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to 'dlpack.to_dlpack' there is a memory leak following an expected validation failure. The issue occurs because the 'status' argument during validation failures is not properly checked. Since each of the above methods can return an error status, the 'status' value must be checked before continuing.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fxw-76px-3rxv", - "cve": "CVE-2020-15192", - "id": "pyup.io-57524", - "more_info_path": "/vulnerabilities/CVE-2020-15192/57524", + "advisory": "Intel-tensorflow-avx512 versions 2.2.1 and 2.3.1 includes a fix for CVE-2020-15212: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to \"segment_ids_data\" can alter \"output_index\" and then write to outside of \"output_data\" buffer. This might result in a segmentation fault but it can also be used to further corrupt the memory and can be chained with other vulnerabilities to create more advanced exploits. The issue was patched in commit 204945b19e44b57906c9344c0d00120eeeae178a. A potential workaround is to add a custom \"Verifier\" to the model loading code to ensure that the segment ids are all positive, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. 
If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.", + "cve": "CVE-2020-15212", + "id": "pyup.io-57522", + "more_info_path": "/vulnerabilities/CVE-2020-15212/57522", "specs": [ ">=2.2.0rc0,<2.2.1", ">=2.3.0rc0,<2.3.1" 
@@ -54659,10 +55550,10 @@ "v": ">=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.2.1 and 2.3.1 include a fix for CVE-2020-15193: In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of \"dlpack.to_dlpack\" can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a \"reinterpret_cast\". Since the \"PyObject\" is a Python object, not a Tensorflow tensor, the cast to \"EagerTensor\" fails. The issue was patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjjg-hgv6-h69v", - "cve": "CVE-2020-15193", - "id": "pyup.io-57525", - "more_info_path": "/vulnerabilities/CVE-2020-15193/57525", + "advisory": "Intel-tensorflow-avx512 versions 2.2.1 and 2.3.1 include a fix for CVE-2020-15192: In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to 'dlpack.to_dlpack' there is a memory leak following an expected validation failure. The issue occurs because the 'status' argument during validation failures is not properly checked. Since each of the above methods can return an error status, the 'status' value must be checked before continuing.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fxw-76px-3rxv", + "cve": "CVE-2020-15192", + "id": "pyup.io-57524", + "more_info_path": "/vulnerabilities/CVE-2020-15192/57524", "specs": [ ">=2.2.0rc0,<2.2.1", ">=2.3.0rc0,<2.3.1" 
@@ -54670,60 +55561,60 @@ "v": ">=2.2.0rc0,<2.2.1,>=2.3.0rc0,<2.3.1" }, { - "advisory": "Intel-tensorflow-avx512 version 2.3.1 includes a fix for CVE-2020-15197: In Tensorflow before version 2.3.1, the \"SparseCountSparseOutput\" implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the \"indices\" tensor has rank 2. This tensor must be a matrix because code assumes its elements are accessed as elements of a matrix. However, malicious users can pass in tensors of different rank, resulting in a \"CHECK\" assertion failure and a crash. This can be used to cause denial of service in serving installations, if users are allowed to control the components of the input sparse tensor. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.", - "cve": "CVE-2020-15197", - "id": "pyup.io-57514", - "more_info_path": "/vulnerabilities/CVE-2020-15197/57514", + "advisory": "Intel-tensorflow-avx512 version 2.3.1 includes a fix for CVE-2020-15196: In Tensorflow version 2.3.0, the \"SparseCountSparseOutput\" and \"RaggedCountSparseOutput\" implementations don't validate that the \"weights\" tensor has the same shape as the data. The check exists for \"DenseCountSparseOutput\", where both tensors are fully specified. In the sparse and ragged count weights are still accessed in parallel with the data. But, since there is no validation, a user passing fewer weights than the values for the tensors can generate a read from outside the bounds of the heap buffer allocated for the weights. 
The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pg59-2f92-5cph", + "cve": "CVE-2020-15196", + "id": "pyup.io-57516", + "more_info_path": "/vulnerabilities/CVE-2020-15196/57516", "specs": [ ">=2.3.0rc0,<2.3.1" ], "v": ">=2.3.0rc0,<2.3.1" }, { - "advisory": "Intel-tensorflow-avx512 2.3.1 includes a fix for CVE-2020-15198: In Tensorflow before version 2.3.1, the \"SparseCountSparseOutput\" implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the \"indices\" tensor has the same shape as the \"values\" one. The values in these tensors are always accessed in parallel. Thus, a shape mismatch can result in accesses outside the bounds of heap allocated buffers. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jc87-6vpp-7ff3", - "cve": "CVE-2020-15198", - "id": "pyup.io-57515", - "more_info_path": "/vulnerabilities/CVE-2020-15198/57515", + "advisory": "Intel-tensorflow-avx512 2.3.1 includes a fix for CVE-2020-15199: In Tensorflow before version 2.3.1, the \"RaggedCountSparseOutput\" does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the \"splits\" tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure. Since \"BatchedMap\" is equivalent to a vector, it needs to have at least one element to not be \"nullptr\". If user passes a \"splits\" tensor that is empty or has exactly one element, we get a \"SIGABRT\" signal raised by the operating system. 
The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x5cp-9pcf-pp3h", + "cve": "CVE-2020-15199", + "id": "pyup.io-57518", + "more_info_path": "/vulnerabilities/CVE-2020-15199/57518", "specs": [ ">=2.3.0rc0,<2.3.1" ], "v": ">=2.3.0rc0,<2.3.1" }, { - "advisory": "Intel-tensorflow-avx512 version 2.3.1 includes a fix for CVE-2020-15196: In Tensorflow version 2.3.0, the \"SparseCountSparseOutput\" and \"RaggedCountSparseOutput\" implementations don't validate that the \"weights\" tensor has the same shape as the data. The check exists for \"DenseCountSparseOutput\", where both tensors are fully specified. In the sparse and ragged count weights are still accessed in parallel with the data. But, since there is no validation, a user passing fewer weights than the values for the tensors can generate a read from outside the bounds of the heap buffer allocated for the weights. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pg59-2f92-5cph", - "cve": "CVE-2020-15196", - "id": "pyup.io-57516", - "more_info_path": "/vulnerabilities/CVE-2020-15196/57516", + "advisory": "Intel-tensorflow-avx512 2.3.1 includes a fix for CVE-2020-15201: In Tensorflow before version 2.3.1, the \"RaggedCountSparseOutput\" implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the \"splits\" tensor generate a valid partitioning of the \"values\" tensor. Hence, the code is prone to heap buffer overflow. If \"split_values\" does not end with a value at least \"num_values\" then the \"while\" loop condition will trigger a read outside of the bounds of \"split_values\" once \"batch_idx\" grows too large. 
The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-p5f8-gfw5-33w4", + "cve": "CVE-2020-15201", + "id": "pyup.io-57519", + "more_info_path": "/vulnerabilities/CVE-2020-15201/57519", "specs": [ ">=2.3.0rc0,<2.3.1" ], "v": ">=2.3.0rc0,<2.3.1" }, { - "advisory": "Intel-tensorflow-avx512 2.3.1 includes a fix for CVE-2020-15200: In Tensorflow before version 2.3.1, the \"RaggedCountSparseOutput\" implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the \"splits\" tensor generate a valid partitioning of the \"values\" tensor. Thus, the code sets up conditions to cause a heap buffer overflow. A \"BatchedMap\" is equivalent to a vector where each element is a hashmap. However, if the first element of \"splits_values\" is not 0, \"batch_idx\" will never be 1, hence there will be no hashmap at index 0 in \"per_batch_counts\". Trying to access that in the user code results in a segmentation fault. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x7rp-74x2-mjf3", - "cve": "CVE-2020-15200", - "id": "pyup.io-57517", - "more_info_path": "/vulnerabilities/CVE-2020-15200/57517", + "advisory": "Intel-tensorflow-avx512 version 2.3.1 includes a fix for CVE-2020-15197: In Tensorflow before version 2.3.1, the \"SparseCountSparseOutput\" implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the \"indices\" tensor has rank 2. This tensor must be a matrix because code assumes its elements are accessed as elements of a matrix. However, malicious users can pass in tensors of different rank, resulting in a \"CHECK\" assertion failure and a crash. 
This can be used to cause denial of service in serving installations, if users are allowed to control the components of the input sparse tensor. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.", + "cve": "CVE-2020-15197", + "id": "pyup.io-57514", + "more_info_path": "/vulnerabilities/CVE-2020-15197/57514", "specs": [ ">=2.3.0rc0,<2.3.1" ], "v": ">=2.3.0rc0,<2.3.1" }, { - "advisory": "Intel-tensorflow-avx512 2.3.1 includes a fix for CVE-2020-15199: In Tensorflow before version 2.3.1, the \"RaggedCountSparseOutput\" does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the \"splits\" tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure. Since \"BatchedMap\" is equivalent to a vector, it needs to have at least one element to not be \"nullptr\". If user passes a \"splits\" tensor that is empty or has exactly one element, we get a \"SIGABRT\" signal raised by the operating system. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x5cp-9pcf-pp3h", - "cve": "CVE-2020-15199", - "id": "pyup.io-57518", - "more_info_path": "/vulnerabilities/CVE-2020-15199/57518", + "advisory": "Intel-tensorflow-avx512 2.3.1 includes a fix for CVE-2020-15198: In Tensorflow before version 2.3.1, the \"SparseCountSparseOutput\" implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the \"indices\" tensor has the same shape as the \"values\" one. The values in these tensors are always accessed in parallel. Thus, a shape mismatch can result in accesses outside the bounds of heap allocated buffers. 
The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-jc87-6vpp-7ff3", + "cve": "CVE-2020-15198", + "id": "pyup.io-57515", + "more_info_path": "/vulnerabilities/CVE-2020-15198/57515", "specs": [ ">=2.3.0rc0,<2.3.1" ], "v": ">=2.3.0rc0,<2.3.1" }, { - "advisory": "Intel-tensorflow-avx512 2.3.1 includes a fix for CVE-2020-15201: In Tensorflow before version 2.3.1, the \"RaggedCountSparseOutput\" implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the \"splits\" tensor generate a valid partitioning of the \"values\" tensor. Hence, the code is prone to heap buffer overflow. If \"split_values\" does not end with a value at least \"num_values\" then the \"while\" loop condition will trigger a read outside of the bounds of \"split_values\" once \"batch_idx\" grows too large. The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-p5f8-gfw5-33w4", - "cve": "CVE-2020-15201", - "id": "pyup.io-57519", - "more_info_path": "/vulnerabilities/CVE-2020-15201/57519", + "advisory": "Intel-tensorflow-avx512 2.3.1 includes a fix for CVE-2020-15200: In Tensorflow before version 2.3.1, the \"RaggedCountSparseOutput\" implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the \"splits\" tensor generate a valid partitioning of the \"values\" tensor. Thus, the code sets up conditions to cause a heap buffer overflow. A \"BatchedMap\" is equivalent to a vector where each element is a hashmap. However, if the first element of \"splits_values\" is not 0, \"batch_idx\" will never be 1, hence there will be no hashmap at index 0 in \"per_batch_counts\". Trying to access that in the user code results in a segmentation fault. 
The issue was patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-x7rp-74x2-mjf3", + "cve": "CVE-2020-15200", + "id": "pyup.io-57517", + "more_info_path": "/vulnerabilities/CVE-2020-15200/57517", "specs": [ ">=2.3.0rc0,<2.3.1" ], 
@@ -54898,6 +55789,32 @@ ], "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, + { + "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37659: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting (e.g., gradients of binary cwise operations). The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/cwise_ops_common.h#L264) assumes that the two inputs have exactly the same number of elements but does not check that. Hence, when the eigen functor executes it triggers heap OOB reads and undefined behavior due to binding to nullptr. We have patched the issue in GitHub commit 93f428fd1768df147171ed674fee1fc5ab8309ec.", + "cve": "CVE-2021-37659", + "id": "pyup.io-57473", + "more_info_path": "/vulnerabilities/CVE-2021-37659/57473", + "specs": [ + ">=2.3.0rc0,<2.3.4", + ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3", + ">=2.6.0rc0,<2.6.0" + ], + "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" + }, + { + "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37664: In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `BoostedTreesSparseCalculateBestFeatureSplit`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) needs to validate that each value in `stats_summary_indices` is in range. 
The Tensorflow team has patched the issue in GitHub commit e84c975313e8e8e38bb2ea118196369c45c51378.", + "cve": "CVE-2021-37664", + "id": "pyup.io-57474", + "more_info_path": "/vulnerabilities/CVE-2021-37664/57474", + "specs": [ + ">=2.3.0rc0,<2.3.4", + ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3", + ">=2.6.0rc0,<2.6.0" + ], + "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" + }, { "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37651: In affected versions the implementation for 'tf.raw_ops.FractionalAvgPoolGrad' can be tricked into accessing data outside of bounds of heap allocated buffers. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/fractional_avg_pool_op.cc#L205) does not validate that the input tensor is non-empty. Thus, code constructs an empty 'EigenDoubleMatrixMap' and then accesses this buffer with indices that are outside of the empty area. The Tensorflow team has patched the issue in GitHub commit 0f931751fb20f565c4e94aa6df58d54a003cdb30.", "cve": "CVE-2021-37651", 
@@ -54963,32 +55880,6 @@ ], "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" }, - { - "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37659: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all binary cwise operations that don't require broadcasting (e.g., gradients of binary cwise operations). The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/cwise_ops_common.h#L264) assumes that the two inputs have exactly the same number of elements but does not check that. Hence, when the eigen functor executes it triggers heap OOB reads and undefined behavior due to binding to nullptr. We have patched the issue in GitHub commit 93f428fd1768df147171ed674fee1fc5ab8309ec.", - "cve": "CVE-2021-37659", - "id": "pyup.io-57473", - "more_info_path": "/vulnerabilities/CVE-2021-37659/57473", - "specs": [ - ">=2.3.0rc0,<2.3.4", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3", - ">=2.6.0rc0,<2.6.0" - ], - "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" - }, - { - "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37664: In affected versions an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to `BoostedTreesSparseCalculateBestFeatureSplit`. The [implementation](https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) needs to validate that each value in `stats_summary_indices` is in range. 
The Tensorflow team has patched the issue in GitHub commit e84c975313e8e8e38bb2ea118196369c45c51378.", - "cve": "CVE-2021-37664", - "id": "pyup.io-57474", - "more_info_path": "/vulnerabilities/CVE-2021-37664/57474", - "specs": [ - ">=2.3.0rc0,<2.3.4", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3", - ">=2.6.0rc0,<2.6.0" - ], - "v": ">=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.6.0rc0,<2.6.0" - }, { "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37647: When a user does not supply arguments that determine a valid sparse tensor, 'tf.raw_ops.SparseTensorSliceDataset' implementation can be made to dereference a null pointer. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L240-L251) has some argument validation but fails to consider the case when either 'indices' or 'values' are provided for an empty sparse tensor when the other is not. If 'indices' is empty, then code that performs validation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/data/sparse_tensor_slice_dataset_op.cc#L260-L261) (i.e., checking that the indices are monotonically increasing) results in a null pointer dereference. If 'indices' as provided by the user is empty, then 'indices' in the C++ code above is backed by an empty 'std::vector', hence calling 'indices->dim_size(0)' results in null pointer dereferencing (same as calling 'std::vector::at()' on an empty vector). The Tensorflow team has patched the issue in GitHub commit 02cc160e29d20631de3859c6653184e3f876b9d7.", "cve": "CVE-2021-37647", 
@@ -55081,20 +55972,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, - { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by invalid validation in 'SparseMatrixSparseCholesky'. See CVE-2021-29530.", - "cve": "CVE-2021-29530", - "id": "pyup.io-57441", - "more_info_path": "/vulnerabilities/CVE-2021-29530/57441", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.1.0rc0,<2.1.4", - ">=2.2.0rc0,<2.2.3", - ">=2.3.0rc0,<2.3.3", - ">=2.4.0rc0,<2.4.2" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" - }, { "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a division by 0 in 'Conv2DBackpropInput'. See CVE-2021-29525.", "cve": "CVE-2021-29525", 
@@ -55137,20 +56014,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, - { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29532: An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to `tf.raw_ops.RaggedCross`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/efea03b38fb8d3b81762237dc85e579cc5fc6e87/tensorflow/core/kernels/ragged_cross_op.cc#L456-L487) lacks validation for the user supplied arguments. Each of the above branches call a helper function after accessing array elements via a `*_list[next_*]` pattern, followed by incrementing the `next_*` index. However, as there is no validation that the `next_*` values are in the valid range for the corresponding `*_list` arrays, this results in heap OOB reads.", - "cve": "CVE-2021-29532", - "id": "pyup.io-57445", - "more_info_path": "/vulnerabilities/CVE-2021-29532/57445", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.1.0rc0,<2.1.4", - ">=2.2.0rc0,<2.2.3", - ">=2.3.0rc0,<2.3.3", - ">=2.4.0rc0,<2.4.2" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" - }, { "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0 fix a division by 0 in 'Conv2DBackpropFilter'. See CVE-2021-29524.", "cve": "CVE-2021-29524", 
@@ -55208,10 +56071,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29552: An attacker can cause a denial of service by controlling the values of `num_segments` tensor argument for `UnsortedSegmentJoin`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/a2a607db15c7cd01d754d37e5448d72a13491bdb/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L93) assumes that the `num_segments` tensor is a valid scalar. Since the tensor is empty the `CHECK` involved in `.scalar()()` that checks that the number of elements is exactly 1 will be invalidated and this would result in process termination.", - "cve": "CVE-2021-29552", - "id": "pyup.io-57450", - "more_info_path": "/vulnerabilities/CVE-2021-29552/57450", + "advisory": "Intel-tensorflow-avx512 2.5.0, 2.4.2, 2.3.3, 2.2.3 and 2.1.4 include a fix for CVE-2021-29548: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc) does not validate all constraints specified in the op's contract (https://www.tensorflow.org/api_docs/python/tf/raw_ops/QuantizedBatchNormWithGlobalNormalization).", + "cve": "CVE-2021-29548", + "id": "pyup.io-57451", + "more_info_path": "/vulnerabilities/CVE-2021-29548/57451", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -55222,10 +56085,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Intel-tensorflow-avx512 2.5.0, 2.4.2, 2.3.3, 2.2.3 and 2.1.4 include a fix for CVE-2021-29548: An attacker can cause a runtime division by zero error and denial of service in `tf.raw_ops.QuantizedBatchNormWithGlobalNormalization`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/55a97caa9e99c7f37a0bbbeb414dc55553d3ae7f/tensorflow/core/kernels/quantized_batch_norm_op.cc) does not validate all constraints specified in the op's contract (https://www.tensorflow.org/api_docs/python/tf/raw_ops/QuantizedBatchNormWithGlobalNormalization).", - "cve": "CVE-2021-29548", - "id": "pyup.io-57451", - "more_info_path": "/vulnerabilities/CVE-2021-29548/57451", + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 includes a fix for CVE-2021-29533: An attacker can trigger a denial of service via a 'CHECK' failure by passing an empty image to 'tf.raw_ops.DrawBoundingBoxes'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/ea34a18dc3f5c8d80a40ccca1404f343b5d55f91/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L148-L165) uses 'CHECK_*' assertions instead of 'OP_REQUIRES' to validate user controlled inputs. Whereas 'OP_REQUIRES' allows returning an error condition back to the user, the 'CHECK_*' macros result in a crash if the condition is false, similar to 'assert'. In this case, 'height' is 0 from the 'images' input. This results in 'max_box_row_clamp' being negative and the assertion being falsified, followed by aborting program execution.", + "cve": "CVE-2021-29533", + "id": "pyup.io-57452", + "more_info_path": "/vulnerabilities/CVE-2021-29533/57452", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -55236,10 +56099,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 includes a fix for CVE-2021-29533: An attacker can trigger a denial of service via a 'CHECK' failure by passing an empty image to 'tf.raw_ops.DrawBoundingBoxes'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/ea34a18dc3f5c8d80a40ccca1404f343b5d55f91/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L148-L165) uses 'CHECK_*' assertions instead of 'OP_REQUIRES' to validate user controlled inputs. Whereas 'OP_REQUIRES' allows returning an error condition back to the user, the 'CHECK_*' macros result in a crash if the condition is false, similar to 'assert'. In this case, 'height' is 0 from the 'images' input. This results in 'max_box_row_clamp' being negative and the assertion being falsified, followed by aborting program execution.", - "cve": "CVE-2021-29533", - "id": "pyup.io-57452", - "more_info_path": "/vulnerabilities/CVE-2021-29533/57452", + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29513: Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer dereferences. The conversion from Python array to C++ array (https://github.com/tensorflow/tensorflow/blob/ff70c47a396ef1e3cb73c90513da4f5cb71bebba/tensorflow/python/lib/core/ndarray_tensor.cc#L113-L169) is vulnerable to a type confusion.", + "cve": "CVE-2021-29513", + "id": "pyup.io-57455", + "more_info_path": "/vulnerabilities/CVE-2021-29513/57455", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -55250,10 +56113,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29534: An attacker can trigger a denial of service via a 'CHECK'-fail in 'tf.raw_ops.SparseConcat'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/b432a38fe0e1b4b904a6c222cbce794c39703e87/tensorflow/core/kernels/sparse_concat_op.cc#L76) takes the values specified in 'shapes[0]' as dimensions for the output shape. The 'TensorShape' constructor (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L183-L188) uses a 'CHECK' operation which triggers when 'InitDims' (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L212-L296) returns a non-OK status. This is a legacy implementation of the constructor and operations should use 'BuildTensorShapeBase' or 'AddDimWithStatus' to prevent 'CHECK'-failures in the presence of overflows.", - "cve": "CVE-2021-29534", - "id": "pyup.io-57454", - "more_info_path": "/vulnerabilities/CVE-2021-29534/57454", + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a 'CHECK'-fail in 'tf.raw_ops.EncodePng'. See CVE-2021-29531.", + "cve": "CVE-2021-29531", + "id": "pyup.io-57456", + "more_info_path": "/vulnerabilities/CVE-2021-29531/57456", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -55264,10 +56127,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29513: Calling TF operations with tensors of non-numeric types when the operations expect numeric tensors result in null pointer dereferences. The conversion from Python array to C++ array (https://github.com/tensorflow/tensorflow/blob/ff70c47a396ef1e3cb73c90513da4f5cb71bebba/tensorflow/python/lib/core/ndarray_tensor.cc#L113-L169) is vulnerable to a type confusion.", - "cve": "CVE-2021-29513", - "id": "pyup.io-57455", - "more_info_path": "/vulnerabilities/CVE-2021-29513/57455", + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29539: TensorFlow is an end-to-end open source platform for machine learning. Calling `tf.raw_ops.ImmutableConst`(https://www.tensorflow.org/api_docs/python/tf/raw_ops/ImmutableConst) with a `dtype` of `tf.resource` or `tf.variant` results in a segfault in the implementation as code assumes that the tensor contents are pure scalars. We have patched the issue in 4f663d4b8f0bec1b48da6fa091a7d29609980fa4 and will release TensorFlow 2.5.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved. If using `tf.raw_ops.ImmutableConst` in code, you can prevent the segfault by inserting a filter for the `dtype` argument.", + "cve": "CVE-2021-29539", + "id": "pyup.io-57462", + "more_info_path": "/vulnerabilities/CVE-2021-29539/57462", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -55278,10 +56141,52 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a 'CHECK'-fail in 'tf.raw_ops.EncodePng'. See CVE-2021-29531.", - "cve": "CVE-2021-29531", - "id": "pyup.io-57456", - "more_info_path": "/vulnerabilities/CVE-2021-29531/57456", + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by invalid validation in 'SparseMatrixSparseCholesky'. See CVE-2021-29530.", + "cve": "CVE-2021-29530", + "id": "pyup.io-57441", + "more_info_path": "/vulnerabilities/CVE-2021-29530/57441", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.1.0rc0,<2.1.4", + ">=2.2.0rc0,<2.2.3", + ">=2.3.0rc0,<2.3.3", + ">=2.4.0rc0,<2.4.2" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" + }, + { + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29532: An attacker can force accesses outside the bounds of heap allocated arrays by passing in invalid tensor values to `tf.raw_ops.RaggedCross`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/efea03b38fb8d3b81762237dc85e579cc5fc6e87/tensorflow/core/kernels/ragged_cross_op.cc#L456-L487) lacks validation for the user supplied arguments. Each of the above branches call a helper function after accessing array elements via a `*_list[next_*]` pattern, followed by incrementing the `next_*` index. 
However, as there is no validation that the `next_*` values are in the valid range for the corresponding `*_list` arrays, this results in heap OOB reads.", + "cve": "CVE-2021-29532", + "id": "pyup.io-57445", + "more_info_path": "/vulnerabilities/CVE-2021-29532/57445", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.1.0rc0,<2.1.4", + ">=2.2.0rc0,<2.2.3", + ">=2.3.0rc0,<2.3.3", + ">=2.4.0rc0,<2.4.2" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" + }, + { + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29552: An attacker can cause a denial of service by controlling the values of `num_segments` tensor argument for `UnsortedSegmentJoin`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/a2a607db15c7cd01d754d37e5448d72a13491bdb/tensorflow/core/kernels/unsorted_segment_join_op.cc#L92-L93) assumes that the `num_segments` tensor is a valid scalar. Since the tensor is empty the `CHECK` involved in `.scalar()()` that checks that the number of elements is exactly 1 will be invalidated and this would result in process termination.", + "cve": "CVE-2021-29552", + "id": "pyup.io-57450", + "more_info_path": "/vulnerabilities/CVE-2021-29552/57450", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.1.0rc0,<2.1.4", + ">=2.2.0rc0,<2.2.3", + ">=2.3.0rc0,<2.3.3", + ">=2.4.0rc0,<2.4.2" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" + }, + { + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29534: An attacker can trigger a denial of service via a 'CHECK'-fail in 'tf.raw_ops.SparseConcat'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/b432a38fe0e1b4b904a6c222cbce794c39703e87/tensorflow/core/kernels/sparse_concat_op.cc#L76) takes the values specified in 'shapes[0]' as dimensions for the output shape. 
The 'TensorShape' constructor (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L183-L188) uses a 'CHECK' operation which triggers when 'InitDims' (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L212-L296) returns a non-OK status. This is a legacy implementation of the constructor and operations should use 'BuildTensorShapeBase' or 'AddDimWithStatus' to prevent 'CHECK'-failures in the presence of overflows.", + "cve": "CVE-2021-29534", + "id": "pyup.io-57454", + "more_info_path": "/vulnerabilities/CVE-2021-29534/57454", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.1.0rc0,<2.1.4", 
@@ -55333,20 +56238,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" }, - { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29539: TensorFlow is an end-to-end open source platform for machine learning. Calling `tf.raw_ops.ImmutableConst`(https://www.tensorflow.org/api_docs/python/tf/raw_ops/ImmutableConst) with a `dtype` of `tf.resource` or `tf.variant` results in a segfault in the implementation as code assumes that the tensor contents are pure scalars. We have patched the issue in 4f663d4b8f0bec1b48da6fa091a7d29609980fa4 and will release TensorFlow 2.5.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved. If using `tf.raw_ops.ImmutableConst` in code, you can prevent the segfault by inserting a filter for the `dtype` argument.", - "cve": "CVE-2021-29539", - "id": "pyup.io-57462", - "more_info_path": "/vulnerabilities/CVE-2021-29539/57462", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.1.0rc0,<2.1.4", - ">=2.2.0rc0,<2.2.3", - ">=2.3.0rc0,<2.3.3", - ">=2.4.0rc0,<2.4.2" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2" - }, { "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a null pointer dereference in 'StringNGrams'. See CVE-2021-29541.", "cve": "CVE-2021-29541", 
@@ -55642,10 +56533,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.3.0rc0,<2.3.3,>=2.4.0rc0,<2.4.2,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29556: An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.Reverse`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/36229ea9e9451dac14a8b1f4711c435a1d84a594/tensorflow/core/kernels/reverse_op.cc#L75-L76) performs a division based on the first dimension of the tensor argument.", - "cve": "CVE-2021-29556", - "id": "pyup.io-57418", - "more_info_path": "/vulnerabilities/CVE-2021-29556/57418", + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'tf.raw_ops.CTCLoss'. See CVE-2021-29613.", + "cve": "CVE-2021-29613", + "id": "pyup.io-57419", + "more_info_path": "/vulnerabilities/CVE-2021-29613/57419", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -55656,10 +56547,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3,>=2.3.0rc0,<2.3.3" }, { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'tf.raw_ops.CTCLoss'. See CVE-2021-29613.", - "cve": "CVE-2021-29613", - "id": "pyup.io-57419", - "more_info_path": "/vulnerabilities/CVE-2021-29613/57419", + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29556: An attacker can cause a denial of service via a FPE runtime error in `tf.raw_ops.Reverse`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/36229ea9e9451dac14a8b1f4711c435a1d84a594/tensorflow/core/kernels/reverse_op.cc#L75-L76) performs a division based on the first dimension of the tensor argument.", + "cve": "CVE-2021-29556", + "id": "pyup.io-57418", + "more_info_path": "/vulnerabilities/CVE-2021-29556/57418", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -55768,10 +56659,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" }, { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'BandedTriangularSolve'. See CVE-2021-29612.", - "cve": "CVE-2021-29612", - "id": "pyup.io-57407", - "more_info_path": "/vulnerabilities/CVE-2021-29612/57407", + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap out of bounds read in 'MaxPoolGradWithArgmax'. See CVE-2021-29570.", + "cve": "CVE-2021-29570", + "id": "pyup.io-57408", + "more_info_path": "/vulnerabilities/CVE-2021-29570/57408", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -55782,10 +56673,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" }, { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap out of bounds read in 'MaxPoolGradWithArgmax'. See CVE-2021-29570.", - "cve": "CVE-2021-29570", - "id": "pyup.io-57408", - "more_info_path": "/vulnerabilities/CVE-2021-29570/57408", + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB access in unicode ops. See CVE-2021-29559.", + "cve": "CVE-2021-29559", + "id": "pyup.io-57410", + "more_info_path": "/vulnerabilities/CVE-2021-29559/57410", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -55796,10 +56687,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" }, { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29589: The reference implementation of the `GatherNd` TFLite operator is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/internal/reference/reference_ops.h#L966). An attacker can craft a model such that `params` input would be an empty tensor. In turn, `params_shape.Dims(.)` would be zero, in at least one dimension.", - "cve": "CVE-2021-29589", - "id": "pyup.io-57409", - "more_info_path": "/vulnerabilities/CVE-2021-29589/57409", + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'FusedBatchNorm'. See CVE-2021-29555.", + "cve": "CVE-2021-29555", + "id": "pyup.io-57411", + "more_info_path": "/vulnerabilities/CVE-2021-29555/57411", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -55810,10 +56701,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" }, { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB access in unicode ops. See CVE-2021-29559.", - "cve": "CVE-2021-29559", - "id": "pyup.io-57410", - "more_info_path": "/vulnerabilities/CVE-2021-29559/57410", + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'BandedTriangularSolve'. See CVE-2021-29612.", + "cve": "CVE-2021-29612", + "id": "pyup.io-57407", + "more_info_path": "/vulnerabilities/CVE-2021-29612/57407", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -55824,10 +56715,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" }, { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'FusedBatchNorm'. See CVE-2021-29555.", - "cve": "CVE-2021-29555", - "id": "pyup.io-57411", - "more_info_path": "/vulnerabilities/CVE-2021-29555/57411", + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29589: The reference implementation of the `GatherNd` TFLite operator is vulnerable to a division by zero error (https://github.com/tensorflow/tensorflow/blob/0d45ea1ca641b21b73bcf9c00e0179cda284e7e7/tensorflow/lite/kernels/internal/reference/reference_ops.h#L966). An attacker can craft a model such that `params` input would be an empty tensor. In turn, `params_shape.Dims(.)` would be zero, in at least one dimension.", + "cve": "CVE-2021-29589", + "id": "pyup.io-57409", + "more_info_path": "/vulnerabilities/CVE-2021-29589/57409", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -55851,6 +56742,132 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.1.0rc0,<2.1.4,>=2.2.0rc0,<2.2.3" }, + { + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29583: The implementation of 'tf.raw_ops.FusedBatchNorm' is vulnerable to a heap buffer overflow. If the tensors are empty, the same implementation can trigger undefined behavior by dereferencing null pointers. The implementation(https://github.com/tensorflow/tensorflow/blob/57d86e0db5d1365f19adcce848dfc1bf89fdd4c7/tensorflow/core/kernels/fused_batch_norm_op.cc) fails to validate that 'scale', 'offset', 'mean' and 'variance' (the last two only when required) all have the same number of elements as the number of channels of 'x'. This results in heap out of bounds reads when the buffers backing these tensors are indexed past their boundary. If the tensors are empty, the validation mentioned in the above paragraph would also trigger and prevent the undefined behavior.", + "cve": "CVE-2021-29583", + "id": "pyup.io-57362", + "more_info_path": "/vulnerabilities/CVE-2021-29583/57362", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 update its dependency \"curl\" to v7.76.0 to include security fixes.", + "cve": "CVE-2020-8231", + "id": "pyup.io-57368", + "more_info_path": "/vulnerabilities/CVE-2020-8231/57368", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'MaxPoolGrad'. 
See CVE-2021-29579.", + "cve": "CVE-2021-29579", + "id": "pyup.io-57375", + "more_info_path": "/vulnerabilities/CVE-2021-29579/57375", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29566: An attacker can write outside the bounds of heap allocated arrays by passing invalid arguments to 'tf.raw_ops.Dilation2DBackpropInput'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/afd954e65f15aea4d438d0a219136fc4a63a573d/tensorflow/core/kernels/dilation_ops.cc#L321-L322) does not validate before writing to the output array. The values for 'h_out' and 'w_out' are guaranteed to be in range for 'out_backprop' (as they are loop indices bounded by the size of the array). However, there are no similar guarantees relating 'h_in_max'/'w_in_max' and 'in_backprop'.", + "cve": "CVE-2021-29566", + "id": "pyup.io-57383", + "more_info_path": "/vulnerabilities/CVE-2021-29566/57383", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29571: The implementation of 'tf.raw_ops.MaxPoolGradWithArgmax' can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. 
The implementation (https://github.com/tensorflow/tensorflow/blob/31bd5026304677faa8a0b77602c6154171b9aec1/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L116-L130) assumes that the last element of 'boxes' input is 4, as required by the op (https://www.tensorflow.org/api_docs/python/tf/raw_ops/DrawBoundingBoxesV2). Since this is not checked attackers passing values less than 4 can write outside of bounds of heap allocated objects and cause memory corruption. If the last dimension in 'boxes' is less than 4, accesses similar to 'tboxes(b, bb, 3)' will access data outside of bounds. Further during code execution there are also writes to these indices.", + "cve": "CVE-2021-29571", + "id": "pyup.io-57386", + "more_info_path": "/vulnerabilities/CVE-2021-29571/57386", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Intel-tensorflow-avx512 2.5.0, 2.4.2, 2.3.3, 2.2.3, and 2.1.4 include a fix for CVE-2021-29572: The implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to dereferencing a null pointer. 
The implementation (https://github.com/tensorflow/tensorflow/blob/60a45c8b6192a4699f2e2709a2645a751d435cc3/tensorflow/core/kernels/sdca_internal.cc) does not validate that the user supplied arguments satisfy all constraints expected by the op(https://www.tensorflow.org/api_docs/python/tf/raw_ops/SdcaOptimizer).", + "cve": "CVE-2021-29572", + "id": "pyup.io-57388", + "more_info_path": "/vulnerabilities/CVE-2021-29572/57388", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'MaxPoolGradWithArgmax'. See CVE-2021-29573.", + "cve": "CVE-2021-29573", + "id": "pyup.io-57391", + "more_info_path": "/vulnerabilities/CVE-2021-29573/57391", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB read in TFLite's implementation of 'Minimum' or 'Maximum'. See CVE-2021-29590.", + "cve": "CVE-2021-29590", + "id": "pyup.io-57393", + "more_info_path": "/vulnerabilities/CVE-2021-29590/57393", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, + { + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29563: An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from the implementation of `tf.raw_ops.RFFT`. 
Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination.", + "cve": "CVE-2021-29563", + "id": "pyup.io-57395", + "more_info_path": "/vulnerabilities/CVE-2021-29563/57395", + "specs": [ + ">=2.5.0rc0,<2.5.0", + ">=2.4.0rc0,<2.4.2", + ">=2.3.0rc0,<2.3.3", + ">=2.2.0rc0,<2.2.3", + ">=2.1.0rc0,<2.1.4" + ], + "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" + }, { "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'QuantizedMul'. See CVE-2021-29528.", "cve": "CVE-2021-29528", 
@@ -56033,20 +57050,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29583: The implementation of 'tf.raw_ops.FusedBatchNorm' is vulnerable to a heap buffer overflow. If the tensors are empty, the same implementation can trigger undefined behavior by dereferencing null pointers. The implementation(https://github.com/tensorflow/tensorflow/blob/57d86e0db5d1365f19adcce848dfc1bf89fdd4c7/tensorflow/core/kernels/fused_batch_norm_op.cc) fails to validate that 'scale', 'offset', 'mean' and 'variance' (the last two only when required) all have the same number of elements as the number of channels of 'x'. This results in heap out of bounds reads when the buffers backing these tensors are indexed past their boundary. If the tensors are empty, the validation mentioned in the above paragraph would also trigger and prevent the undefined behavior.", - "cve": "CVE-2021-29583", - "id": "pyup.io-57362", - "more_info_path": "/vulnerabilities/CVE-2021-29583/57362", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29608: TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in 'tf.raw_ops.RaggedTensorToTensor', an attacker can exploit an undefined behavior if input arguments are empty. The implementation (https://github.com/tensorflow/tensorflow/blob/656e7673b14acd7835dc778867f84916c6d1cac2/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L356-L360) only checks that one of the tensors is not empty, but does not check for the other ones. 
There are multiple 'DCHECK' validations to prevent heap OOB, but these are no-op in release builds, hence they don't prevent anything.", "cve": "CVE-2021-29608", @@ -56117,20 +57120,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 update its dependency \"curl\" to v7.76.0 to include security fixes.", - "cve": "CVE-2020-8231", - "id": "pyup.io-57368", - "more_info_path": "/vulnerabilities/CVE-2020-8231/57368", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 update 'curl' to '7.76.0' to handle CVE-2020-8177.", "cve": "CVE-2020-8177", @@ -56215,20 +57204,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap buffer overflow in 'MaxPoolGrad'. See CVE-2021-29579.", - "cve": "CVE-2021-29579", - "id": "pyup.io-57375", - "more_info_path": "/vulnerabilities/CVE-2021-29579/57375", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a integer overflow in TFLite memory allocation. See CVE-2021-29605.", "cve": "CVE-2021-29605", 
@@ -56327,20 +57302,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29566: An attacker can write outside the bounds of heap allocated arrays by passing invalid arguments to 'tf.raw_ops.Dilation2DBackpropInput'. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/afd954e65f15aea4d438d0a219136fc4a63a573d/tensorflow/core/kernels/dilation_ops.cc#L321-L322) does not validate before writing to the output array. The values for 'h_out' and 'w_out' are guaranteed to be in range for 'out_backprop' (as they are loop indices bounded by the size of the array). However, there are no similar guarantees relating 'h_in_max'/'w_in_max' and 'in_backprop'.", - "cve": "CVE-2021-29566", - "id": "pyup.io-57383", - "more_info_path": "/vulnerabilities/CVE-2021-29566/57383", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29587: TensorFlow is an end-to-end open source platform for machine learning. The `Prepare` step of the `SpaceToDepth` TFLite operator does not check for 0 before division (https://github.com/tensorflow/tensorflow/blob/5f7975d09eac0f10ed8a17dbb6f5964977725adc/tensorflow/lite/kernels/space_to_depth.cc#L63-L67). An attacker can craft a model such that `params->block_size` would be zero.", "cve": "CVE-2021-29587", 
@@ -56355,20 +57316,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29571: The implementation of 'tf.raw_ops.MaxPoolGradWithArgmax' can cause reads outside of bounds of heap allocated data if attacker supplies specially crafted inputs. The implementation (https://github.com/tensorflow/tensorflow/blob/31bd5026304677faa8a0b77602c6154171b9aec1/tensorflow/core/kernels/image/draw_bounding_box_op.cc#L116-L130) assumes that the last element of 'boxes' input is 4, as required by the op (https://www.tensorflow.org/api_docs/python/tf/raw_ops/DrawBoundingBoxesV2). Since this is not checked attackers passing values less than 4 can write outside of bounds of heap allocated objects and cause memory corruption. If the last dimension in 'boxes' is less than 4, accesses similar to 'tboxes(b, bb, 3)' will access data outside of bounds. Further during code execution there are also writes to these indices.", - "cve": "CVE-2021-29571", - "id": "pyup.io-57386", - "more_info_path": "/vulnerabilities/CVE-2021-29571/57386", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap out of bounds read in 'RequantizationRange'. See CVE-2021-29569.", "cve": "CVE-2021-29569", 
@@ -56383,20 +57330,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Intel-tensorflow-avx512 2.5.0, 2.4.2, 2.3.3, 2.2.3, and 2.1.4 include a fix for CVE-2021-29572: The implementation of `tf.raw_ops.SdcaOptimizer` triggers undefined behavior due to dereferencing a null pointer. The implementation (https://github.com/tensorflow/tensorflow/blob/60a45c8b6192a4699f2e2709a2645a751d435cc3/tensorflow/core/kernels/sdca_internal.cc) does not validate that the user supplied arguments satisfy all constraints expected by the op(https://www.tensorflow.org/api_docs/python/tf/raw_ops/SdcaOptimizer).", - "cve": "CVE-2021-29572", - "id": "pyup.io-57388", - "more_info_path": "/vulnerabilities/CVE-2021-29572/57388", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Intel-tensorflow-avx512 versions 2.5.0, 2.4.2, 2.3.3, 2.2.3 and 2.1.4 updates its dependency \"curl\" to a secure version (7.76.0).", "cve": "CVE-2020-8285", 
@@ -56425,20 +57358,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by 0 in 'MaxPoolGradWithArgmax'. See CVE-2021-29573.", - "cve": "CVE-2021-29573", - "id": "pyup.io-57391", - "more_info_path": "/vulnerabilities/CVE-2021-29573/57391", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in optimized pooling implementations in TFLite. See CVE-2021-29586.", "cve": "CVE-2021-29586", @@ -56453,20 +57372,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a heap OOB read in TFLite's implementation of 'Minimum' or 'Maximum'. See CVE-2021-29590.", - "cve": "CVE-2021-29590", - "id": "pyup.io-57393", - "more_info_path": "/vulnerabilities/CVE-2021-29590/57393", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix a division by zero in TFLite's implementation of 'SVDF'. See CVE-2021-29598.", "cve": "CVE-2021-29598", 
@@ -56482,10 +57387,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29563: An attacker can cause a denial of service by exploiting a `CHECK`-failure coming from the implementation of `tf.raw_ops.RFFT`. Eigen code operating on an empty matrix can trigger on an assertion and will cause program termination.", - "cve": "CVE-2021-29563", - "id": "pyup.io-57395", - "more_info_path": "/vulnerabilities/CVE-2021-29563/57395", + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseReshape'. See CVE-2021-29611.", + "cve": "CVE-2021-29611", + "id": "pyup.io-57398", + "more_info_path": "/vulnerabilities/CVE-2021-29611/57398", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", @@ -56496,10 +57401,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix vulnerabilities caused by incomplete validation in 'SparseReshape'. See CVE-2021-29611.", - "cve": "CVE-2021-29611", - "id": "pyup.io-57398", - "more_info_path": "/vulnerabilities/CVE-2021-29611/57398", + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix an undefined behavior and a 'CHECK'-fail in 'FractionalMaxPoolGrad'. See CVE-2021-29580.", + "cve": "CVE-2021-29580", + "id": "pyup.io-57399", + "more_info_path": "/vulnerabilities/CVE-2021-29580/57399", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -56510,10 +57415,10 @@ "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 fix an undefined behavior and a 'CHECK'-fail in 'FractionalMaxPoolGrad'. See CVE-2021-29580.", - "cve": "CVE-2021-29580", - "id": "pyup.io-57399", - "more_info_path": "/vulnerabilities/CVE-2021-29580/57399", + "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29560: An attacker can cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/d94227d43aa125ad8b54115c03cece54f6a1977b/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L219-L222) uses the same index to access two arrays in parallel. Since the user controls the shape of the input arguments, an attacker could trigger a heap OOB access when 'parent_output_index' is shorter than 'row_split'.", + "cve": "CVE-2021-29560", + "id": "pyup.io-57403", + "more_info_path": "/vulnerabilities/CVE-2021-29560/57403", "specs": [ ">=2.5.0rc0,<2.5.0", ">=2.4.0rc0,<2.4.2", 
@@ -56565,20 +57470,6 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, - { - "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29560: An attacker can cause a heap buffer overflow in `tf.raw_ops.RaggedTensorToTensor`. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/d94227d43aa125ad8b54115c03cece54f6a1977b/tensorflow/core/kernels/ragged_tensor_to_tensor_op.cc#L219-L222) uses the same index to access two arrays in parallel. Since the user controls the shape of the input arguments, an attacker could trigger a heap OOB access when 'parent_output_index' is shorter than 'row_split'.", - "cve": "CVE-2021-29560", - "id": "pyup.io-57403", - "more_info_path": "/vulnerabilities/CVE-2021-29560/57403", - "specs": [ - ">=2.5.0rc0,<2.5.0", - ">=2.4.0rc0,<2.4.2", - ">=2.3.0rc0,<2.3.3", - ">=2.2.0rc0,<2.2.3", - ">=2.1.0rc0,<2.1.4" - ], - "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" - }, { "advisory": "Intel-tensorflow-avx512 2.1.4, 2.2.3, 2.3.3, 2.4.2, and 2.5.0 include a fix for CVE-2021-29610: The validation in 'tf.raw_ops.QuantizeAndDequantizeV2' allows invalid values for 'axis' argument:. The validation (https://github.com/tensorflow/tensorflow/blob/eccb7ec454e6617738554a255d77f08e60ee0808/tensorflow/core/kernels/quantize_and_dequantize_op.cc#L74-L77) uses '||' to mix two different conditions. If 'axis_ < -1' the condition in 'OP_REQUIRES' will still be true, but this value of 'axis_' results in heap underflow. This allows attackers to read/write to other data on the heap.", "cve": "CVE-2021-29610", 
@@ -56607,6 +57498,19 @@ ], "v": ">=2.5.0rc0,<2.5.0,>=2.4.0rc0,<2.4.2,>=2.3.0rc0,<2.3.3,>=2.2.0rc0,<2.2.3,>=2.1.0rc0,<2.1.4" }, + { + "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37691: In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/lsh_projection.cc#L118). The Tensorflow team has patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9.", + "cve": "CVE-2021-37691", + "id": "pyup.io-57350", + "more_info_path": "/vulnerabilities/CVE-2021-37691/57350", + "specs": [ + ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3", + ">=2.3.0rc0,<2.3.4", + ">=2.6.0rc0,<2.6.0" + ], + "v": ">=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4,>=2.6.0rc0,<2.6.0" + }, { "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37688: In affected versions an attacker can craft a TFLite model that would trigger a null pointer dereference, which would result in a crash and denial of service. The [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/internal/optimized/optimized_ops.h#L268-L285) unconditionally dereferences a pointer. The Tensorflow team has patched the issue in GitHub commit 15691e456c7dc9bd6be203b09765b063bf4a380c.", "cve": "CVE-2021-37688", 
@@ -56634,17 +57538,15 @@ "v": ">=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4,>=2.6.0rc0,<2.6.0" }, { - "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37691: In affected versions an attacker can craft a TFLite model that would trigger a division by zero error in LSH [implementation](https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/lsh_projection.cc#L118). The Tensorflow team has patched the issue in GitHub commit 0575b640091680cfb70f4dd93e70658de43b94f9.", - "cve": "CVE-2021-37691", - "id": "pyup.io-57350", - "more_info_path": "/vulnerabilities/CVE-2021-37691/57350", + "advisory": "Intel-tensorflow-avx512 2.5.1 and 2.6.0 include a fix for CVE-2021-37640: In affected versions the implementation of 'tf.raw_ops.SparseReshape' can be made to trigger an integral division by 0 exception. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L176-L181) calls the reshaping functor whenever there is at least an index in the input but does not check that shape of the input or the target shape have both a non-zero number of elements. The reshape functor (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L40-L78) blindly divides by the dimensions of the target shape. Hence, if this is not checked, code will result in a division by 0. 
The Tensorflow team has patched the issue in GitHub commit 4923de56ec94fff7770df259ab7f2288a74feb41.", + "cve": "CVE-2021-37640", + "id": "pyup.io-57347", + "more_info_path": "/vulnerabilities/CVE-2021-37640/57347", "specs": [ ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3", - ">=2.3.0rc0,<2.3.4", ">=2.6.0rc0,<2.6.0" ], - "v": ">=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4,>=2.6.0rc0,<2.6.0" + "v": ">=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, { "advisory": "Intel-tensorflow-avx512 versions 2.5.1 and 2.6.0 include a fix for CVE-2021-37692:\nIn affected versions under certain conditions, Go code can trigger a segfault in string deallocation. For string tensors, \"C.TF_TString_Dealloc\" is called during garbage collection within a finalizer function. However, tensor structure isn't checked until encoding to avoid a performance penalty. The current method for dealloc assumes that encoding succeeded, but segfaults when a string tensor is garbage collected whose encoding failed (e.g., due to mismatched dimensions). To fix this, the call to set the finalizer function is deferred until \"NewTensor\" returns and, if encoding failed for a string tensor, deallocs are determined based on bytes written. The Tensorflow team has patched the issue in GitHub commit:\nhttps://github.com/tensorflow/tensorflow/commit/8721ba96e5760c229217b594f6d2ba332beedf22\nhttps://github.com/tensorflow/tensorflow/pull/50508\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-cmgw-8vpc-rc59", 
@@ -56657,17 +57559,6 @@ ], "v": ">=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" }, - { - "advisory": "Intel-tensorflow-avx512 2.5.1 and 2.6.0 include a fix for CVE-2021-37640: In affected versions the implementation of 'tf.raw_ops.SparseReshape' can be made to trigger an integral division by 0 exception. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L176-L181) calls the reshaping functor whenever there is at least an index in the input but does not check that shape of the input or the target shape have both a non-zero number of elements. The reshape functor (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/reshape_util.cc#L40-L78) blindly divides by the dimensions of the target shape. Hence, if this is not checked, code will result in a division by 0. The Tensorflow team has patched the issue in GitHub commit 4923de56ec94fff7770df259ab7f2288a74feb41.", - "cve": "CVE-2021-37640", - "id": "pyup.io-57347", - "more_info_path": "/vulnerabilities/CVE-2021-37640/57347", - "specs": [ - ">=2.5.0rc0,<2.5.1", - ">=2.6.0rc0,<2.6.0" - ], - "v": ">=2.5.0rc0,<2.5.1,>=2.6.0rc0,<2.6.0" - }, { "advisory": "Intel-tensorflow-avx512 versions 2.3.4, 2.4.3, 2.5.1, and 2.6.0 update its dependency \"curl\" to include a fix for CVE-2021-22898", "cve": "CVE-2021-22898", 
@@ -56682,10 +57573,10 @@ "v": ">=2.6.0a1,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37685: In affected versions TFLite's 'expand_dims.cc' (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If 'axis' is a large negative value (e.g., '-100000'), then after the first 'if' it would still be negative. The check following the 'if' statement will pass and the 'for' loop would read one element before the start of 'input_dims.data' (when 'i = 0'). The Tensorflow team has patched the issue in GitHub commit d94ffe08a65400f898241c0374e9edc6fa8ed257.", - "cve": "CVE-2021-37685", - "id": "pyup.io-57337", - "more_info_path": "/vulnerabilities/CVE-2021-37685/57337", + "advisory": "Intel-tensorflow-avx512 version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37668:\nIn affected versions, an attacker can cause denial of service in applications serving models using \"tf.raw_ops.UnravelIndex\" by triggering a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unravel_index_op.cc#L36) does not check that the tensor subsumed by \"dims\" is not empty. Hence, if one element of \"dims\" is 0, the implementation does a division by 0. The Tensorflow team has patched the issue in GitHub commit a776040a5e7ebf76eeb7eb923bf1ae417dd4d233.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2wmv-37vq-52g5\nhttps://github.com/tensorflow/tensorflow/commit/a776040a5e7ebf76eeb7eb923bf1ae417dd4d233", + "cve": "CVE-2021-37668", + "id": "pyup.io-57335", + "more_info_path": "/vulnerabilities/CVE-2021-37668/57335", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -56708,10 +57599,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, { - "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37657: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type 'tf.raw_ops.MatrixDiagV*'. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of 'k' is a valid tensor. The Tensorflow team has checked that this value is either a scalar or a vector, but there is no check for the number of elements. If this is an empty tensor, then code that accesses the first element of the tensor is wrong. The Tensorflow team has patched the issue in GitHub commit f2a673bd34f0d64b8e40a551ac78989d16daad09.", - "cve": "CVE-2021-37657", - "id": "pyup.io-57334", - "more_info_path": "/vulnerabilities/CVE-2021-37657/57334", + "advisory": "Intel-tensorflow-avx512 version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37663:\nIn affected versions, due to incomplete validation in \"tf.raw_ops.QuantizeV2\", an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/quantize_op.cc#L59) has some validation but does not check that \"min_range\" and \"max_range\" both have the same non-zero number of elements. If \"axis\" is provided (i.e., not \"-1\"), then validation should check that it is a value in range for the rank of \"input\" tensor and then the lengths of \"min_range\" and \"max_range\" inputs match the \"axis\" dimension of the \"input\" tensor. 
The Tensorflow team has patched the issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j\nhttps://github.com/tensorflow/tensorflow/commit/6da6620efad397c85493b8f8667b821403516708", + "cve": "CVE-2021-37663", + "id": "pyup.io-57336", + "more_info_path": "/vulnerabilities/CVE-2021-37663/57336", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -56721,10 +57612,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, { - "advisory": "Intel-tensorflow-avx512 version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37668:\nIn affected versions, an attacker can cause denial of service in applications serving models using \"tf.raw_ops.UnravelIndex\" by triggering a division by 0. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/unravel_index_op.cc#L36) does not check that the tensor subsumed by \"dims\" is not empty. Hence, if one element of \"dims\" is 0, the implementation does a division by 0. The Tensorflow team has patched the issue in GitHub commit a776040a5e7ebf76eeb7eb923bf1ae417dd4d233.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-2wmv-37vq-52g5\nhttps://github.com/tensorflow/tensorflow/commit/a776040a5e7ebf76eeb7eb923bf1ae417dd4d233", - "cve": "CVE-2021-37668", - "id": "pyup.io-57335", - "more_info_path": "/vulnerabilities/CVE-2021-37668/57335", + "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37685: In affected versions TFLite's 'expand_dims.cc' (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/expand_dims.cc#L36-L50) contains a vulnerability which allows reading one element outside of bounds of heap allocated data. If 'axis' is a large negative value (e.g., '-100000'), then after the first 'if' it would still be negative. The check following the 'if' statement will pass and the 'for' loop would read one element before the start of 'input_dims.data' (when 'i = 0'). The Tensorflow team has patched the issue in GitHub commit d94ffe08a65400f898241c0374e9edc6fa8ed257.", + "cve": "CVE-2021-37685", + "id": "pyup.io-57337", + "more_info_path": "/vulnerabilities/CVE-2021-37685/57337", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -56734,10 +57625,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, { - "advisory": "Intel-tensorflow-avx512 version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37663:\nIn affected versions, due to incomplete validation in \"tf.raw_ops.QuantizeV2\", an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/quantize_op.cc#L59) has some validation but does not check that \"min_range\" and \"max_range\" both have the same non-zero number of elements. If \"axis\" is provided (i.e., not \"-1\"), then validation should check that it is a value in range for the rank of \"input\" tensor and then the lengths of \"min_range\" and \"max_range\" inputs match the \"axis\" dimension of the \"input\" tensor. The Tensorflow team has patched the issue in GitHub commit 6da6620efad397c85493b8f8667b821403516708. \nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j\nhttps://github.com/tensorflow/tensorflow/commit/6da6620efad397c85493b8f8667b821403516708", - "cve": "CVE-2021-37663", - "id": "pyup.io-57336", - "more_info_path": "/vulnerabilities/CVE-2021-37663/57336", + "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37657: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in all operations of type 'tf.raw_ops.MatrixDiagV*'. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/linalg/matrix_diag_op.cc) has incomplete validation that the value of 'k' is a valid tensor. The Tensorflow team has checked that this value is either a scalar or a vector, but there is no check for the number of elements. 
If this is an empty tensor, then code that accesses the first element of the tensor is wrong. The Tensorflow team has patched the issue in GitHub commit f2a673bd34f0d64b8e40a551ac78989d16daad09.", + "cve": "CVE-2021-37657", + "id": "pyup.io-57334", + "more_info_path": "/vulnerabilities/CVE-2021-37657/57334", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.3.0rc0,<2.3.4", 
@@ -56759,19 +57650,6 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, - { - "advisory": "Intel-tensorflow-avx512 version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37665:\nIn affected versions, due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantization_range_per_channel_op.cc) does not validate the dimensions of the \"input\" tensor. A similar issue occurs in \"MklRequantizePerChannelOp\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantize_per_channel_op.cc) does not perform full validation for all the input arguments. The Tensorflow team has patched the issue in GitHub commit 9e62869465573cb2d9b5053f1fa02a81fce21d69 and in the Github commit 203214568f5bc237603dbab6e1fd389f1572f5c9.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v82p-hv3v-p6qp\nhttps://github.com/tensorflow/tensorflow/commit/203214568f5bc237603dbab6e1fd389f1572f5c9\nhttps://github.com/tensorflow/tensorflow/commit/9e62869465573cb2d9b5053f1fa02a81fce21d69", - "cve": "CVE-2021-37665", - "id": "pyup.io-57339", - "more_info_path": "/vulnerabilities/CVE-2021-37665/57339", - "specs": [ - ">=2.6.0rc0,<2.6.0", - ">=2.3.0rc0,<2.3.4", - ">=2.4.0rc0,<2.4.3", - ">=2.5.0rc0,<2.5.1" - ], - "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" - }, { "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37687: In affected versions TFLite's 'GatherNd' implementation 
(https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather_nd.cc#L124) does not support negative indices but there are no checks for this situation. Hence, an attacker can read arbitrary data from the heap by carefully crafting a model with negative values in 'indices'. Similar issue exists in 'Gather' implementation (https://github.com/tensorflow/tensorflow/blob/149562d49faa709ea80df1d99fc41d005b81082a/tensorflow/lite/kernels/gather.cc). The Tensorflow team has patched the issue in GitHub commits bb6a0383ed553c286f87ca88c207f6774d5c4a8f and eb921122119a6b6e470ee98b89e65d721663179d.", "cve": "CVE-2021-37687", 
@@ -56811,6 +57689,19 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" }, + { + "advisory": "Intel-tensorflow-avx512 version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37665:\nIn affected versions, due to incomplete validation in MKL implementation of requantization, an attacker can trigger undefined behavior via binding a reference to a null pointer or can access data outside the bounds of heap allocated arrays. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantization_range_per_channel_op.cc) does not validate the dimensions of the \"input\" tensor. A similar issue occurs in \"MklRequantizePerChannelOp\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/mkl/mkl_requantize_per_channel_op.cc) does not perform full validation for all the input arguments. The Tensorflow team has patched the issue in GitHub commit 9e62869465573cb2d9b5053f1fa02a81fce21d69 and in the Github commit 203214568f5bc237603dbab6e1fd389f1572f5c9.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-v82p-hv3v-p6qp\nhttps://github.com/tensorflow/tensorflow/commit/203214568f5bc237603dbab6e1fd389f1572f5c9\nhttps://github.com/tensorflow/tensorflow/commit/9e62869465573cb2d9b5053f1fa02a81fce21d69", + "cve": "CVE-2021-37665", + "id": "pyup.io-57339", + "more_info_path": "/vulnerabilities/CVE-2021-37665/57339", + "specs": [ + ">=2.6.0rc0,<2.6.0", + ">=2.3.0rc0,<2.3.4", + ">=2.4.0rc0,<2.4.3", + ">=2.5.0rc0,<2.5.1" + ], + "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.4.0rc0,<2.4.3,>=2.5.0rc0,<2.5.1" + }, { "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37660: In affected versions an attacker can cause a floating point exception by calling inplace operations with crafted arguments that would result in a division by 0. 
The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/inplace_ops.cc#L283) has a logic error: it should skip processing if 'x' and 'v' are empty but the code uses '||' instead of '&&'. The Tensorflow team has patched the issue in GitHub commit e86605c0a336c088b638da02135ea6f9f6753618.", "cve": "CVE-2021-37660", 
@@ -56837,6 +57728,45 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" }, + { + "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37662: In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in 'BoostedTreesCalculateBestGainsPerFeature' and similar attack can occur in 'BoostedTreesCalculateBestFeatureSplitV2'. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) does not validate the input values. The Tensorflow team has patched the issue in GitHub commit 9c87c32c710d0b5b53dc6fd3bfde4046e1f7a5ad and in commit 429f009d2b2c09028647dd4bb7b3f6f414bbaad7.", + "cve": "CVE-2021-37662", + "id": "pyup.io-57327", + "more_info_path": "/vulnerabilities/CVE-2021-37662/57327", + "specs": [ + ">=2.6.0rc0,<2.6.0", + ">=2.3.0rc0,<2.3.4", + ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3" + ], + "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" + }, + { + "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37644: In affected versions providing a negative element to 'num_elements' list argument of 'tf.raw_ops.TensorListReserve' causes the runtime to abort the process due to reallocating a 'std::vector' to have a negative number of elements. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/list_kernels.cc#L312) calls 'std::vector.resize()' with the new size controlled by input given by the user, without checking that this input is valid. 
The Tensorflow team has patched the issue in GitHub commit 8a6e874437670045e6c7dc6154c7412b4a2135e2.", + "cve": "CVE-2021-37644", + "id": "pyup.io-57331", + "more_info_path": "/vulnerabilities/CVE-2021-37644/57331", + "specs": [ + ">=2.6.0rc0,<2.6.0", + ">=2.3.0rc0,<2.3.4", + ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3" + ], + "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" + }, + { + "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37646: In affected versions the implementation of 'tf.raw_ops.StringNGrams' is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/string_ngrams_op.cc#L184) calls 'reserve' on a 'tstring' with a value that sometimes can be negative if user supplies negative 'ngram_widths'. The 'reserve' method calls 'TF_TString_Reserve' which has an 'unsigned long' argument for the size of the buffer. Hence, the implicit conversion transforms the negative value to a large integer. The Tensorflow team has patched the issue in GitHub commit c283e542a3f422420cfdb332414543b62fc4e4a5.", + "cve": "CVE-2021-37646", + "id": "pyup.io-57332", + "more_info_path": "/vulnerabilities/CVE-2021-37646/57332", + "specs": [ + ">=2.6.0rc0,<2.6.0", + ">=2.3.0rc0,<2.3.4", + ">=2.5.0rc0,<2.5.1", + ">=2.4.0rc0,<2.4.3" + ], + "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" + }, { "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37684: In affected versions the implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0. 
The Tensorflow team has patched the issue in GitHub commit dfa22b348b70bb89d6d6ec0ff53973bacb4f4695 (https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695).", "cve": "CVE-2021-37684", 
@@ -56850,19 +57780,6 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" }, - { - "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37662: In affected versions an attacker can generate undefined behavior via a reference binding to nullptr in 'BoostedTreesCalculateBestGainsPerFeature' and similar attack can occur in 'BoostedTreesCalculateBestFeatureSplitV2'. The implementation (https://github.com/tensorflow/tensorflow/blob/84d053187cb80d975ef2b9684d4b61981bca0c41/tensorflow/core/kernels/boosted_trees/stats_ops.cc) does not validate the input values. The Tensorflow team has patched the issue in GitHub commit 9c87c32c710d0b5b53dc6fd3bfde4046e1f7a5ad and in commit 429f009d2b2c09028647dd4bb7b3f6f414bbaad7.", - "cve": "CVE-2021-37662", - "id": "pyup.io-57327", - "more_info_path": "/vulnerabilities/CVE-2021-37662/57327", - "specs": [ - ">=2.6.0rc0,<2.6.0", - ">=2.3.0rc0,<2.3.4", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3" - ], - "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" - }, { "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37641: In affected versions if the arguments to 'tf.raw_ops.RaggedGather' don't determine a valid ragged tensor code can trigger a read from outside of bounds of heap allocated buffers. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/ragged_gather_op.cc#L70) directly reads the first dimension of a tensor shape before checking that said tensor has rank of at least 1 (i.e., it is not a scalar). Furthermore, the implementation does not check that the list given by 'params_nested_splits' is not an empty list of tensors. The Tensorflow team has patched the issue in GitHub commit a2b743f6017d7b97af1fe49087ae15f0ac634373.", "cve": "CVE-2021-37641", 
@@ -56889,32 +57806,6 @@ ], "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" }, - { - "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37644: In affected versions providing a negative element to 'num_elements' list argument of 'tf.raw_ops.TensorListReserve' causes the runtime to abort the process due to reallocating a 'std::vector' to have a negative number of elements. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/list_kernels.cc#L312) calls 'std::vector.resize()' with the new size controlled by input given by the user, without checking that this input is valid. The Tensorflow team has patched the issue in GitHub commit 8a6e874437670045e6c7dc6154c7412b4a2135e2.", - "cve": "CVE-2021-37644", - "id": "pyup.io-57331", - "more_info_path": "/vulnerabilities/CVE-2021-37644/57331", - "specs": [ - ">=2.6.0rc0,<2.6.0", - ">=2.3.0rc0,<2.3.4", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3" - ], - "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" - }, - { - "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37646: In affected versions the implementation of 'tf.raw_ops.StringNGrams' is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. The implementation (https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/string_ngrams_op.cc#L184) calls 'reserve' on a 'tstring' with a value that sometimes can be negative if user supplies negative 'ngram_widths'. The 'reserve' method calls 'TF_TString_Reserve' which has an 'unsigned long' argument for the size of the buffer. Hence, the implicit conversion transforms the negative value to a large integer. 
The Tensorflow team has patched the issue in GitHub commit c283e542a3f422420cfdb332414543b62fc4e4a5.", - "cve": "CVE-2021-37646", - "id": "pyup.io-57332", - "more_info_path": "/vulnerabilities/CVE-2021-37646/57332", - "specs": [ - ">=2.6.0rc0,<2.6.0", - ">=2.3.0rc0,<2.3.4", - ">=2.5.0rc0,<2.5.1", - ">=2.4.0rc0,<2.4.3" - ], - "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" - }, { "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37666: In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in 'tf.raw_ops.RaggedTensorToVariant'. The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_to_variant_op.cc#L129) has an incomplete validation of the splits values, missing the case when the argument would be empty. The Tensorflow team has patched the issue in GitHub commit be7a4de6adfbd303ce08be4332554dff70362612.", "cve": "CVE-2021-37666", 
@@ -56929,10 +57820,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3" }, { - "advisory": "Intel-tensorflow-avx512 version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37682:\nIn affected versions all TFLite operations that use quantization can be made to use unitialized values. (For example, https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/depthwise_conv.cc#L198-L200). The issue stems from the fact that \"quantization.params\" is only valid if \"quantization.type\" is different that \"kTfLiteNoQuantization\". However, these checks are missing in large parts of the code. The Tensorflow team has patched the issue in GitHub commits 537bc7c723439b9194a358f64d871dd326c18887, 4a91f2069f7145aab6ba2d8cfe41be8a110c18a5 and 8933b8a21280696ab119b63263babdb54c298538.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4c4g-crqm-xrxw\nhttps://github.com/tensorflow/tensorflow/commit/4a91f2069f7145aab6ba2d8cfe41be8a110c18a5\nhttps://github.com/tensorflow/tensorflow/commit/537bc7c723439b9194a358f64d871dd326c18887\nhttps://github.com/tensorflow/tensorflow/commit/8933b8a21280696ab119b63263babdb54c298538", - "cve": "CVE-2021-37682", - "id": "pyup.io-57324", - "more_info_path": "/vulnerabilities/CVE-2021-37682/57324", + "advisory": "Intel-tensorflow-avx512 version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37690:\nIn affected versions when running shape functions, some functions (such as 'MutableHashTableShape') produce extra output information in the form of a 'ShapeAndType' struct. The shapes embedded in this struct are owned by an inference context that is cleaned up almost immediately; if the upstream code attempts to access this shape information, it can trigger a segfault. 
'ShapeRefiner' is mitigating this for normal output shapes by cloning them (and thus putting the newly created shape under ownership of an inference context that will not die), but the Tensorflow team was not doing the same for shapes and types. This commit fixes that by doing similar logic on output shapes and types. The Tensorflow team has patched the issue in GitHub commit ee119d4a498979525046fba1c3dd3f13a039fbb1.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3hxh-8cp2-g4hg\nhttps://github.com/tensorflow/tensorflow/commit/ee119d4a498979525046fba1c3dd3f13a039fbb1", + "cve": "CVE-2021-37690", + "id": "pyup.io-57325", + "more_info_path": "/vulnerabilities/CVE-2021-37690/57325", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.4.0rc0,<2.4.3", 
@@ -56942,10 +57833,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1" }, { - "advisory": "Intel-tensorflow-avx512 version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37690:\nIn affected versions when running shape functions, some functions (such as 'MutableHashTableShape') produce extra output information in the form of a 'ShapeAndType' struct. The shapes embedded in this struct are owned by an inference context that is cleaned up almost immediately; if the upstream code attempts to access this shape information, it can trigger a segfault. 'ShapeRefiner' is mitigating this for normal output shapes by cloning them (and thus putting the newly created shape under ownership of an inference context that will not die), but the Tensorflow team was not doing the same for shapes and types. This commit fixes that by doing similar logic on output shapes and types. The Tensorflow team has patched the issue in GitHub commit ee119d4a498979525046fba1c3dd3f13a039fbb1.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-3hxh-8cp2-g4hg\nhttps://github.com/tensorflow/tensorflow/commit/ee119d4a498979525046fba1c3dd3f13a039fbb1", - "cve": "CVE-2021-37690", - "id": "pyup.io-57325", - "more_info_path": "/vulnerabilities/CVE-2021-37690/57325", + "advisory": "Intel-tensorflow-avx512 version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37682:\nIn affected versions all TFLite operations that use quantization can be made to use unitialized values. (For example, https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/lite/kernels/depthwise_conv.cc#L198-L200). The issue stems from the fact that \"quantization.params\" is only valid if \"quantization.type\" is different that \"kTfLiteNoQuantization\". However, these checks are missing in large parts of the code. 
The Tensorflow team has patched the issue in GitHub commits 537bc7c723439b9194a358f64d871dd326c18887, 4a91f2069f7145aab6ba2d8cfe41be8a110c18a5 and 8933b8a21280696ab119b63263babdb54c298538.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-4c4g-crqm-xrxw\nhttps://github.com/tensorflow/tensorflow/commit/4a91f2069f7145aab6ba2d8cfe41be8a110c18a5\nhttps://github.com/tensorflow/tensorflow/commit/537bc7c723439b9194a358f64d871dd326c18887\nhttps://github.com/tensorflow/tensorflow/commit/8933b8a21280696ab119b63263babdb54c298538", + "cve": "CVE-2021-37682", + "id": "pyup.io-57324", + "more_info_path": "/vulnerabilities/CVE-2021-37682/57324", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.4.0rc0,<2.4.3", 
@@ -56955,10 +57846,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4,>=2.5.0rc0,<2.5.1" }, { - "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37655: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to 'tf.raw_ops.ResourceScatterUpdate'. The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L919-L923) has an incomplete validation of the relationship between the shapes of 'indices' and 'updates': instead of checking that the shape of 'indices' is a prefix of the shape of 'updates' (so that broadcasting can happen), code only checks that the number of elements in these two tensors are in a divisibility relationship. The Tensorflow team has patched the issue in GitHub commit 01cff3f986259d661103412a20745928c727326f.", - "cve": "CVE-2021-37655", - "id": "pyup.io-57311", - "more_info_path": "/vulnerabilities/CVE-2021-37655/57311", + "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.", + "cve": "CVE-2021-22897", + "id": "pyup.io-57316", + "more_info_path": "/vulnerabilities/CVE-2021-22897/57316", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -56968,10 +57859,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "Intel-tensorflow-avx512 version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37672:\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.SdcaOptimizerV2\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/sdca_internal.cc#L320-L353) does not check that the length of \"example_labels\" is the same as the number of examples. The Tensorflow team has patched the issue in GitHub commit a4e138660270e7599793fa438cd7b2fc2ce215a6.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hj3-vjjf-f5m7\nhttps://github.com/tensorflow/tensorflow/commit/a4e138660270e7599793fa438cd7b2fc2ce215a6", - "cve": "CVE-2021-37672", - "id": "pyup.io-57312", - "more_info_path": "/vulnerabilities/CVE-2021-37672/57312", + "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.", + "cve": "CVE-2021-22876", + "id": "pyup.io-57317", + "more_info_path": "/vulnerabilities/CVE-2021-22876/57317", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -56981,10 +57872,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "Intel-tensorflow-avx512 version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37670:\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.UpperBound\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/searchsorted_op.cc#L85-L104) does not validate the rank of \"sorted_input\" argument. A similar issue occurs in \"tf.raw_ops.LowerBound\". The Tensorflow team has patched the issue in GitHub commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9697-98pf-4rw7\nhttps://github.com/tensorflow/tensorflow/commit/42459e4273c2e47a3232cc16c4f4fff3b3a35c38", - "cve": "CVE-2021-37670", - "id": "pyup.io-57313", - "more_info_path": "/vulnerabilities/CVE-2021-37670/57313", + "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37650: In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can trigger heap buffer overflow and segmentation fault. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/to_tf_record_op.cc#L93-L102) assumes that all records in the dataset are of string type. However, there is no check for that, and the example given above uses numeric types. The Tensorflow team has patched the issue in GitHub commit e0b6e58c328059829c3eb968136f17aa72b6c876.", + "cve": "CVE-2021-37650", + "id": "pyup.io-57319", + "more_info_path": "/vulnerabilities/CVE-2021-37650/57319", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -56994,10 +57885,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "Intel-tensorflow-avx512 version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37679:\nIn affected versions it is possible to nest a \"tf.map_fn\" within another \"tf.map_fn\" call. However, if the input tensor is a \"RaggedTensor\" and there is no function signature provided, code assumes the output is a fully specified tensor and fills output buffer with uninitialized contents from the heap. The \"t\" and \"z\" outputs should be identical, however this is not the case. The last row of \"t\" contains data from the heap which can be used to leak other memory information. The bug lies in the conversion from a \"Variant\" tensor to a \"RaggedTensor\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_from_variant_op.cc#L177-L190) does not check that all inner shapes match and this results in the additional dimensions. The same implementation can result in data loss, if input tensor is tweaked. The Tensorflow team has patched the issue in GitHub commit 4e2565483d0ffcadc719bd44893fb7f609bb5f12.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g8wg-cjwc-xhhp\nhttps://github.com/tensorflow/tensorflow/commit/4e2565483d0ffcadc719bd44893fb7f609bb5f12", - "cve": "CVE-2021-37679", - "id": "pyup.io-57314", - "more_info_path": "/vulnerabilities/CVE-2021-37679/57314", + "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37655: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a read from outside of bounds of heap allocated data by sending invalid arguments to 'tf.raw_ops.ResourceScatterUpdate'. 
The implementation (https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/resource_variable_ops.cc#L919-L923) has an incomplete validation of the relationship between the shapes of 'indices' and 'updates': instead of checking that the shape of 'indices' is a prefix of the shape of 'updates' (so that broadcasting can happen), code only checks that the number of elements in these two tensors are in a divisibility relationship. The Tensorflow team has patched the issue in GitHub commit 01cff3f986259d661103412a20745928c727326f.", + "cve": "CVE-2021-37655", + "id": "pyup.io-57311", + "more_info_path": "/vulnerabilities/CVE-2021-37655/57311", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -57007,10 +57898,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.", - "cve": "CVE-2021-22901", - "id": "pyup.io-57315", - "more_info_path": "/vulnerabilities/CVE-2021-22901/57315", + "advisory": "Intel-tensorflow-avx512 version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37672:\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.SdcaOptimizerV2\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/sdca_internal.cc#L320-L353) does not check that the length of \"example_labels\" is the same as the number of examples. The Tensorflow team has patched the issue in GitHub commit a4e138660270e7599793fa438cd7b2fc2ce215a6.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hj3-vjjf-f5m7\nhttps://github.com/tensorflow/tensorflow/commit/a4e138660270e7599793fa438cd7b2fc2ce215a6", + "cve": "CVE-2021-37672", + "id": "pyup.io-57312", + "more_info_path": "/vulnerabilities/CVE-2021-37672/57312", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -57020,10 +57911,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.", - "cve": "CVE-2021-22897", - "id": "pyup.io-57316", - "more_info_path": "/vulnerabilities/CVE-2021-22897/57316", + "advisory": "Intel-tensorflow-avx512 version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37670:\nIn affected versions, an attacker can read from outside of bounds of heap allocated data by sending specially crafted illegal arguments to \"tf.raw_ops.UpperBound\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/searchsorted_op.cc#L85-L104) does not validate the rank of \"sorted_input\" argument. A similar issue occurs in \"tf.raw_ops.LowerBound\". The Tensorflow team has patched the issue in GitHub commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-9697-98pf-4rw7\nhttps://github.com/tensorflow/tensorflow/commit/42459e4273c2e47a3232cc16c4f4fff3b3a35c38", + "cve": "CVE-2021-37670", + "id": "pyup.io-57313", + "more_info_path": "/vulnerabilities/CVE-2021-37670/57313", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -57033,10 +57924,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.", - "cve": "CVE-2021-22876", - "id": "pyup.io-57317", - "more_info_path": "/vulnerabilities/CVE-2021-22876/57317", + "advisory": "Intel-tensorflow-avx512 version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37679:\nIn affected versions it is possible to nest a \"tf.map_fn\" within another \"tf.map_fn\" call. However, if the input tensor is a \"RaggedTensor\" and there is no function signature provided, code assumes the output is a fully specified tensor and fills output buffer with uninitialized contents from the heap. The \"t\" and \"z\" outputs should be identical, however this is not the case. The last row of \"t\" contains data from the heap which can be used to leak other memory information. The bug lies in the conversion from a \"Variant\" tensor to a \"RaggedTensor\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/ragged_tensor_from_variant_op.cc#L177-L190) does not check that all inner shapes match and this results in the additional dimensions. The same implementation can result in data loss, if input tensor is tweaked. The Tensorflow team has patched the issue in GitHub commit 4e2565483d0ffcadc719bd44893fb7f609bb5f12.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-g8wg-cjwc-xhhp\nhttps://github.com/tensorflow/tensorflow/commit/4e2565483d0ffcadc719bd44893fb7f609bb5f12", + "cve": "CVE-2021-37679", + "id": "pyup.io-57314", + "more_info_path": "/vulnerabilities/CVE-2021-37679/57314", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -57046,10 +57937,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "Intel-tensorflow-avx512 version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37673:\nIn affected versions, an attacker can trigger a denial of service via a \"CHECK\"-fail in \"tf.raw_ops.MapStage\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L513) does not check that the \"key\" input is a valid non-empty tensor. The Tensorflow team has patched the issue in GitHub commit d7de67733925de196ec8863a33445b73f9562d1d.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-278g-rq84-9hmg\nhttps://github.com/tensorflow/tensorflow/commit/d7de67733925de196ec8863a33445b73f9562d1d", - "cve": "CVE-2021-37673", - "id": "pyup.io-57318", - "more_info_path": "/vulnerabilities/CVE-2021-37673/57318", + "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1, and 2.6.0 updates its dependency 'curl' to v7.77.0 to include security fixes.", + "cve": "CVE-2021-22901", + "id": "pyup.io-57315", + "more_info_path": "/vulnerabilities/CVE-2021-22901/57315", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -57059,10 +57950,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "Intel-tensorflow-avx512 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37650: In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can trigger heap buffer overflow and segmentation fault. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/to_tf_record_op.cc#L93-L102) assumes that all records in the dataset are of string type. However, there is no check for that, and the example given above uses numeric types. The Tensorflow team has patched the issue in GitHub commit e0b6e58c328059829c3eb968136f17aa72b6c876.", - "cve": "CVE-2021-37650", - "id": "pyup.io-57319", - "more_info_path": "/vulnerabilities/CVE-2021-37650/57319", + "advisory": "Intel-tensorflow-avx512 version 2.3.4, 2.4.3, 2.5.1 and 2.6.0 include a fix for CVE-2021-37673:\nIn affected versions, an attacker can trigger a denial of service via a \"CHECK\"-fail in \"tf.raw_ops.MapStage\". The implementation (https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/map_stage_op.cc#L513) does not check that the \"key\" input is a valid non-empty tensor. The Tensorflow team has patched the issue in GitHub commit d7de67733925de196ec8863a33445b73f9562d1d.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-278g-rq84-9hmg\nhttps://github.com/tensorflow/tensorflow/commit/d7de67733925de196ec8863a33445b73f9562d1d", + "cve": "CVE-2021-37673", + "id": "pyup.io-57318", + "more_info_path": "/vulnerabilities/CVE-2021-37673/57318", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -57085,10 +57976,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for 'tf.raw_ops.Dequantize' has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/array_ops.cc#L2999-L3014) uses 'axis' to select between two different values for 'minmax_rank' which is then used to retrieve tensor dimensions. However, code assumes that 'axis' can be either '-1' or a value greater than '-1', with no validation for the other values. We have patched the issue in GitHub commit da857cfa0fde8f79ad0afdbc94e88b5d4bbec764. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.", - "cve": "CVE-2021-37677", - "id": "pyup.io-57322", - "more_info_path": "/vulnerabilities/CVE-2021-37677/57322", + "advisory": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in 'tf.raw_ops.MaxPoolGrad' caused by missing validation. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/maxpooling_op.cc) misses some validation for the 'orig_input' and 'orig_output' tensors. The fixes for CVE-2021-29579 were incomplete. We have patched the issue in GitHub commit 136b51f10903e044308cf77117c0ed9871350475. The fix will be included in TensorFlow 2.6.0. 
We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.", + "cve": "CVE-2021-37674", + "id": "pyup.io-57320", + "more_info_path": "/vulnerabilities/CVE-2021-37674/57320", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", 
@@ -57098,10 +57989,10 @@ "v": ">=2.6.0rc0,<2.6.0,>=2.5.0rc0,<2.5.1,>=2.4.0rc0,<2.4.3,>=2.3.0rc0,<2.3.4" }, { - "advisory": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can trigger a denial of service via a segmentation fault in 'tf.raw_ops.MaxPoolGrad' caused by missing validation. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/kernels/maxpooling_op.cc) misses some validation for the 'orig_input' and 'orig_output' tensors. The fixes for CVE-2021-29579 were incomplete. We have patched the issue in GitHub commit 136b51f10903e044308cf77117c0ed9871350475. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.", - "cve": "CVE-2021-37674", - "id": "pyup.io-57320", - "more_info_path": "/vulnerabilities/CVE-2021-37674/57320", + "advisory": "TensorFlow is an end-to-end open source platform for machine learning. In affected versions the shape inference code for 'tf.raw_ops.Dequantize' has a vulnerability that could trigger a denial of service via a segfault if an attacker provides invalid arguments. The shape inference [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/array_ops.cc#L2999-L3014) uses 'axis' to select between two different values for 'minmax_rank' which is then used to retrieve tensor dimensions. However, code assumes that 'axis' can be either '-1' or a value greater than '-1', with no validation for the other values. We have patched the issue in GitHub commit da857cfa0fde8f79ad0afdbc94e88b5d4bbec764. The fix will be included in TensorFlow 2.6.0. 
We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.", + "cve": "CVE-2021-37677", + "id": "pyup.io-57322", + "more_info_path": "/vulnerabilities/CVE-2021-37677/57322", "specs": [ ">=2.6.0rc0,<2.6.0", ">=2.5.0rc0,<2.5.1", @@ -57145,10 +58036,10 @@ "v": ">=2.6.0rc0,<2.6.1" }, { - "advisory": "Intel-tensorflow-avx512 versions 2.7.1 and 2.8.0 include a fix for CVE-2022-23590: A 'GraphDef' from a TensorFlow 'SavedModel' can be maliciously altered to cause a TensorFlow process to crash due to encountering a 'StatusOr' value that is an error and forcibly extracting the value from it.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pqrv-8r2f-7278", - "cve": "CVE-2022-23590", - "id": "pyup.io-57218", - "more_info_path": "/vulnerabilities/CVE-2022-23590/57218", + "advisory": "Intel-tensorflow-avx512 is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming `GraphDef` before converting it to the MLIR-based dialect. If an attacker changes the `SavedModel` format on disk to invalidate these assumptions and the `GraphDef` is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. These issues have been discovered via fuzzing and it is possible that more weaknesses exist. We will patch them as they are discovered.", + "cve": "CVE-2022-23594", + "id": "pyup.io-57219", + "more_info_path": "/vulnerabilities/CVE-2022-23594/57219", "specs": [ ">=2.7.0a0,<2.7.1", ">=2.8.0a0,<2.8.0" 
@@ -57156,10 +58047,10 @@ "v": ">=2.7.0a0,<2.7.1,>=2.8.0a0,<2.8.0" }, { - "advisory": "Intel-tensorflow-avx512 is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming `GraphDef` before converting it to the MLIR-based dialect. If an attacker changes the `SavedModel` format on disk to invalidate these assumptions and the `GraphDef` is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. These issues have been discovered via fuzzing and it is possible that more weaknesses exist. We will patch them as they are discovered.", - "cve": "CVE-2022-23594", - "id": "pyup.io-57219", - "more_info_path": "/vulnerabilities/CVE-2022-23594/57219", + "advisory": "Intel-tensorflow-avx512 versions 2.7.1 and 2.8.0 include a fix for CVE-2022-23590: A 'GraphDef' from a TensorFlow 'SavedModel' can be maliciously altered to cause a TensorFlow process to crash due to encountering a 'StatusOr' value that is an error and forcibly extracting the value from it.\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-pqrv-8r2f-7278", + "cve": "CVE-2022-23590", + "id": "pyup.io-57218", + "more_info_path": "/vulnerabilities/CVE-2022-23590/57218", "specs": [ ">=2.7.0a0,<2.7.1", ">=2.8.0a0,<2.8.0" @@ -57385,6 +58276,18 @@ "v": ">=0,<0.13.7,>=0.14.0,<0.14.6" } ], + "invenio-github": [ + { + "advisory": "Invenio-github 1.0.2 includes a fix for a CSRF vulnerability for API requests.\r\nhttps://github.com/inveniosoftware/invenio-github/commit/c0600e6d6586c0980fbfda73945527bbd77f1dce", + "cve": "PVE-2023-59972", + "id": "pyup.io-59972", + "more_info_path": "/vulnerabilities/PVE-2023-59972/59972", + "specs": [ + "<1.0.2" + ], + "v": "<1.0.2" + } + ], "invenio-previewer": [ { "advisory": "invenio-previewer before 1.0.0a12 allows XSS.", 
@@ -57448,10 +58351,10 @@ "v": "<0.7.3" }, { - "advisory": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.\r\nhttps://github.com/inventree/InvenTree/security/advisories/GHSA-7rq4-qcpw-74gq", - "cve": "CVE-2022-2112", - "id": "pyup.io-54072", - "more_info_path": "/vulnerabilities/CVE-2022-2112/54072", + "advisory": "Inventree 0.7.2 includes a security fix: Affected versions can have malicious javascript code injected into the users browser by other authenticated users, as data fields retrieved from the database are not properly sanitized before displaying in various front-end views.\r\n- https://huntr.dev/bounties/4cae8442-c042-43c2-ad89-6f666eaf3d57/\r\n- https://huntr.dev/bounties/9d640ef2-c52c-4106-b043-f7497d577078/\r\n- https://huntr.dev/bounties/b114e82f-6c02-485b-82ea-e242f89169c2/\r\n- https://huntr.dev/bounties/22783cd3-1b2c-48fc-b31f-03b53c86da0b/", + "cve": "PVE-2023-55205", + "id": "pyup.io-55205", + "more_info_path": "/vulnerabilities/PVE-2023-55205/55205", "specs": [ ">=0,<0.7.2" ], 
@@ -57468,10 +58371,10 @@ "v": ">=0,<0.7.2" }, { - "advisory": "Inventree 0.7.2 includes a security fix: Affected versions can have malicious javascript code injected into the users browser by other authenticated users, as data fields retrieved from the database are not properly sanitized before displaying in various front-end views.\r\n- https://huntr.dev/bounties/4cae8442-c042-43c2-ad89-6f666eaf3d57/\r\n- https://huntr.dev/bounties/9d640ef2-c52c-4106-b043-f7497d577078/\r\n- https://huntr.dev/bounties/b114e82f-6c02-485b-82ea-e242f89169c2/\r\n- https://huntr.dev/bounties/22783cd3-1b2c-48fc-b31f-03b53c86da0b/", - "cve": "PVE-2023-55205", - "id": "pyup.io-55205", - "more_info_path": "/vulnerabilities/PVE-2023-55205/55205", + "advisory": "Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.\r\nhttps://github.com/inventree/InvenTree/security/advisories/GHSA-7rq4-qcpw-74gq", + "cve": "CVE-2022-2112", + "id": "pyup.io-54072", + "more_info_path": "/vulnerabilities/CVE-2022-2112/54072", "specs": [ ">=0,<0.7.2" ], @@ -57539,6 +58442,18 @@ "v": ">0,<0" } ], + "ipams": [ + { + "advisory": "Ipams 1.3.3 updates its dependency 'requests' to version '2.31.0' to include a security fix.\r\nhttps://github.com/rwxd/ipams/commit/0f54f1f30b0446594eb3c245882e00dd728dabba", + "cve": "CVE-2023-32681", + "id": "pyup.io-59357", + "more_info_path": "/vulnerabilities/CVE-2023-32681/59357", + "specs": [ + "<1.3.3" + ], + "v": "<1.3.3" + } + ], "ipboards": [ { "advisory": "Ipboards is a malicious package, typosquatting. It steals Discord access tokens, passwords, and even stage dependency confusion attacks.\r\nhttps://thehackernews.com/2021/11/11-malicious-pypi-python-libraries.html", 
@@ -57654,9 +58569,9 @@ "ipwb": [ { "advisory": "Ipwb 0.2018.08.29.1434 updates its dependency 'Flask' to v0.12.3 to include security fixes.", - "cve": "CVE-2019-1010083", - "id": "pyup.io-36492", - "more_info_path": "/vulnerabilities/CVE-2019-1010083/36492", + "cve": "CVE-2018-1000656", + "id": "pyup.io-49086", + "more_info_path": "/vulnerabilities/CVE-2018-1000656/49086", "specs": [ "<0.2018.08.29.1434" ], @@ -57664,9 +58579,9 @@ }, { "advisory": "Ipwb 0.2018.08.29.1434 updates its dependency 'Flask' to v0.12.3 to include security fixes.", - "cve": "CVE-2018-1000656", - "id": "pyup.io-49086", - "more_info_path": "/vulnerabilities/CVE-2018-1000656/49086", + "cve": "CVE-2019-1010083", + "id": "pyup.io-36492", + "more_info_path": "/vulnerabilities/CVE-2019-1010083/36492", "specs": [ "<0.2018.08.29.1434" ], @@ -57738,9 +58653,9 @@ }, { "advisory": "Ipyflow 0.0.85 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", - "cve": "CVE-2022-0691", - "id": "pyup.io-51776", - "more_info_path": "/vulnerabilities/CVE-2022-0691/51776", + "cve": "CVE-2022-0686", + "id": "pyup.io-51775", + "more_info_path": "/vulnerabilities/CVE-2022-0686/51775", "specs": [ "<0.0.85" ], @@ -57748,9 +58663,9 @@ }, { "advisory": "Ipyflow 0.0.85 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", - "cve": "CVE-2022-0686", - "id": "pyup.io-51775", - "more_info_path": "/vulnerabilities/CVE-2022-0686/51775", + "cve": "CVE-2022-0691", + "id": "pyup.io-51776", + "more_info_path": "/vulnerabilities/CVE-2022-0691/51776", "specs": [ "<0.0.85" ], 
@@ -57866,20 +58781,20 @@ ], "ipyvue-remote-component": [ { - "advisory": "Ipyvue-remote-component 1.1.1 updates its NPM dependency 'node-fetch' to v2.6.7 to include a security fix.", - "cve": "CVE-2022-0235", - "id": "pyup.io-45538", - "more_info_path": "/vulnerabilities/CVE-2022-0235/45538", + "advisory": "Ipyvue-remote-component 1.1.1 updates its NPM dependency 'ansi-regex' to v5.0.1 to include a security fix.", + "cve": "CVE-2021-3807", + "id": "pyup.io-45536", + "more_info_path": "/vulnerabilities/CVE-2021-3807/45536", "specs": [ "<1.1.1" ], "v": "<1.1.1" }, { - "advisory": "Ipyvue-remote-component 1.1.1 updates its NPM dependency 'ansi-regex' to v5.0.1 to include a security fix.", - "cve": "CVE-2021-3807", - "id": "pyup.io-45536", - "more_info_path": "/vulnerabilities/CVE-2021-3807/45536", + "advisory": "Ipyvue-remote-component 1.1.1 updates its NPM dependency 'node-fetch' to v2.6.7 to include a security fix.", + "cve": "CVE-2022-0235", + "id": "pyup.io-45538", + "more_info_path": "/vulnerabilities/CVE-2022-0235/45538", "specs": [ "<1.1.1" ], @@ -58426,6 +59341,18 @@ "v": "<0.0.3" } ], + "jageocoder": [ + { + "advisory": "Jageocoder 2.0.2 updates its dependency 'flask' to version '2.2.5' to include a security fix.\r\nhttps://github.com/t-sagara/jageocoder/commit/d6aae38a75089863c1eae574f2c93027228a6ca8", + "cve": "CVE-2023-30861", + "id": "pyup.io-59431", + "more_info_path": "/vulnerabilities/CVE-2023-30861/59431", + "specs": [ + "<2.0.2" + ], + "v": "<2.0.2" + } + ], "jake": [ { "advisory": "Jake 0.2.59 updates its dependency 'lxml' to include a security fix.", 
@@ -58596,16 +59523,6 @@ ], "v": "<2.0.0" }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29588", - "id": "pyup.io-44108", - "more_info_path": "/vulnerabilities/CVE-2021-29588/44108", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29596", @@ -58616,16 +59533,6 @@ ], "v": "<2.0.0" }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29598", - "id": "pyup.io-44122", - "more_info_path": "/vulnerabilities/CVE-2021-29598/44122", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29536", @@ -58658,19 +59565,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29556", - "id": "pyup.io-44151", - "more_info_path": "/vulnerabilities/CVE-2021-29556/44151", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29610", - "id": "pyup.io-44076", - "more_info_path": "/vulnerabilities/CVE-2021-29610/44076", + "cve": "CVE-2021-29552", + "id": "pyup.io-44144", + "more_info_path": "/vulnerabilities/CVE-2021-29552/44144", "specs": [ "<2.0.0" ], @@ -58678,9 +59575,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29552", - "id": "pyup.io-44144", - "more_info_path": "/vulnerabilities/CVE-2021-29552/44144", + "cve": "CVE-2021-29549", + "id": "pyup.io-44136", + "more_info_path": "/vulnerabilities/CVE-2021-29549/44136", "specs": [ "<2.0.0" ], 
@@ -58688,9 +59585,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29549", - "id": "pyup.io-44136", - "more_info_path": "/vulnerabilities/CVE-2021-29549/44136", + "cve": "CVE-2021-29610", + "id": "pyup.io-44076", + "more_info_path": "/vulnerabilities/CVE-2021-29610/44076", "specs": [ "<2.0.0" ], @@ -58728,9 +59625,19 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29603", - "id": "pyup.io-44126", - "more_info_path": "/vulnerabilities/CVE-2021-29603/44126", + "cve": "CVE-2021-29588", + "id": "pyup.io-44108", + "more_info_path": "/vulnerabilities/CVE-2021-29588/44108", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29556", + "id": "pyup.io-44151", + "more_info_path": "/vulnerabilities/CVE-2021-29556/44151", "specs": [ "<2.0.0" ], @@ -58758,9 +59665,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29516", - "id": "pyup.io-44159", - "more_info_path": "/vulnerabilities/CVE-2021-29516/44159", + "cve": "CVE-2021-29598", + "id": "pyup.io-44122", + "more_info_path": "/vulnerabilities/CVE-2021-29598/44122", "specs": [ "<2.0.0" ], 
@@ -58768,9 +59675,29 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29528", - "id": "pyup.io-44117", - "more_info_path": "/vulnerabilities/CVE-2021-29528/44117", + "cve": "CVE-2021-29551", + "id": "pyup.io-44096", + "more_info_path": "/vulnerabilities/CVE-2021-29551/44096", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29541", + "id": "pyup.io-44130", + "more_info_path": "/vulnerabilities/CVE-2021-29541/44130", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29516", + "id": "pyup.io-44159", + "more_info_path": "/vulnerabilities/CVE-2021-29516/44159", "specs": [ "<2.0.0" ], @@ -58816,6 +59743,16 @@ ], "v": "<2.0.0" }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29615", + "id": "pyup.io-44138", + "more_info_path": "/vulnerabilities/CVE-2021-29615/44138", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29595", @@ -58858,9 +59795,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29537", - "id": "pyup.io-44084", - "more_info_path": "/vulnerabilities/CVE-2021-29537/44084", + "cve": "CVE-2021-29585", + "id": "pyup.io-44106", + "more_info_path": "/vulnerabilities/CVE-2021-29585/44106", "specs": [ "<2.0.0" ], 
@@ -58878,19 +59815,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29564", - "id": "pyup.io-44066", - "more_info_path": "/vulnerabilities/CVE-2021-29564/44066", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29585", - "id": "pyup.io-44106", - "more_info_path": "/vulnerabilities/CVE-2021-29585/44106", + "cve": "CVE-2021-29608", + "id": "pyup.io-44095", + "more_info_path": "/vulnerabilities/CVE-2021-29608/44095", "specs": [ "<2.0.0" ], @@ -58908,9 +59835,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29608", - "id": "pyup.io-44095", - "more_info_path": "/vulnerabilities/CVE-2021-29608/44095", + "cve": "CVE-2021-29594", + "id": "pyup.io-44112", + "more_info_path": "/vulnerabilities/CVE-2021-29594/44112", "specs": [ "<2.0.0" ], @@ -58918,9 +59845,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29559", - "id": "pyup.io-44153", - "more_info_path": "/vulnerabilities/CVE-2021-29559/44153", + "cve": "CVE-2021-29558", + "id": "pyup.io-44152", + "more_info_path": "/vulnerabilities/CVE-2021-29558/44152", "specs": [ "<2.0.0" ], @@ -58928,9 +59855,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29594", - "id": "pyup.io-44112", - "more_info_path": "/vulnerabilities/CVE-2021-29594/44112", + "cve": "CVE-2021-29566", + "id": "pyup.io-44079", + "more_info_path": "/vulnerabilities/CVE-2021-29566/44079", "specs": [ "<2.0.0" ], 
@@ -58938,9 +59865,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29558", - "id": "pyup.io-44152", - "more_info_path": "/vulnerabilities/CVE-2021-29558/44152", + "cve": "CVE-2021-29573", + "id": "pyup.io-44167", + "more_info_path": "/vulnerabilities/CVE-2021-29573/44167", "specs": [ "<2.0.0" ], @@ -58948,9 +59875,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29566", - "id": "pyup.io-44079", - "more_info_path": "/vulnerabilities/CVE-2021-29566/44079", + "cve": "CVE-2021-29559", + "id": "pyup.io-44153", + "more_info_path": "/vulnerabilities/CVE-2021-29559/44153", "specs": [ "<2.0.0" ], @@ -58958,9 +59885,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29573", - "id": "pyup.io-44167", - "more_info_path": "/vulnerabilities/CVE-2021-29573/44167", + "cve": "CVE-2021-29564", + "id": "pyup.io-44066", + "more_info_path": "/vulnerabilities/CVE-2021-29564/44066", "specs": [ "<2.0.0" ], @@ -58978,9 +59905,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29534", - "id": "pyup.io-44075", - "more_info_path": "/vulnerabilities/CVE-2021-29534/44075", + "cve": "CVE-2021-29617", + "id": "pyup.io-44139", + "more_info_path": "/vulnerabilities/CVE-2021-29617/44139", "specs": [ "<2.0.0" ], @@ -58998,9 +59925,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29617", - "id": "pyup.io-44139", - "more_info_path": "/vulnerabilities/CVE-2021-29617/44139", + "cve": "CVE-2021-29534", + "id": "pyup.io-44075", + "more_info_path": "/vulnerabilities/CVE-2021-29534/44075", "specs": [ "<2.0.0" ], 
@@ -59038,9 +59965,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29545", - "id": "pyup.io-44083", - "more_info_path": "/vulnerabilities/CVE-2021-29545/44083", + "cve": "CVE-2021-29537", + "id": "pyup.io-44084", + "more_info_path": "/vulnerabilities/CVE-2021-29537/44084", "specs": [ "<2.0.0" ], @@ -59048,9 +59975,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29515", - "id": "pyup.io-44166", - "more_info_path": "/vulnerabilities/CVE-2021-29515/44166", + "cve": "CVE-2021-29545", + "id": "pyup.io-44083", + "more_info_path": "/vulnerabilities/CVE-2021-29545/44083", "specs": [ "<2.0.0" ], @@ -59058,9 +59985,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29523", - "id": "pyup.io-44068", - "more_info_path": "/vulnerabilities/CVE-2021-29523/44068", + "cve": "CVE-2020-8169", + "id": "pyup.io-44069", + "more_info_path": "/vulnerabilities/CVE-2020-8169/44069", "specs": [ "<2.0.0" ], @@ -59076,16 +60003,6 @@ ], "v": "<2.0.0" }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2020-8169", - "id": "pyup.io-44069", - "more_info_path": "/vulnerabilities/CVE-2020-8169/44069", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29516", 
@@ -59116,16 +60033,6 @@ ], "v": "<2.0.0" }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29584", - "id": "pyup.io-44105", - "more_info_path": "/vulnerabilities/CVE-2021-29584/44105", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29530", @@ -59138,9 +60045,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29518", - "id": "pyup.io-44156", - "more_info_path": "/vulnerabilities/CVE-2021-29518/44156", + "cve": "CVE-2021-29614", + "id": "pyup.io-44173", + "more_info_path": "/vulnerabilities/CVE-2021-29614/44173", "specs": [ "<2.0.0" ], @@ -59148,9 +60055,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29614", - "id": "pyup.io-44173", - "more_info_path": "/vulnerabilities/CVE-2021-29614/44173", + "cve": "CVE-2021-29584", + "id": "pyup.io-44105", + "more_info_path": "/vulnerabilities/CVE-2021-29584/44105", "specs": [ "<2.0.0" ], @@ -59158,9 +60065,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29619", - "id": "pyup.io-44143", - "more_info_path": "/vulnerabilities/CVE-2021-29619/44143", + "cve": "CVE-2021-29518", + "id": "pyup.io-44156", + "more_info_path": "/vulnerabilities/CVE-2021-29518/44156", "specs": [ "<2.0.0" ], 
@@ -59168,9 +60075,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29611", - "id": "pyup.io-44133", - "more_info_path": "/vulnerabilities/CVE-2021-29611/44133", + "cve": "CVE-2021-29552", + "id": "pyup.io-44142", + "more_info_path": "/vulnerabilities/CVE-2021-29552/44142", "specs": [ "<2.0.0" ], @@ -59178,9 +60085,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29544", - "id": "pyup.io-44074", - "more_info_path": "/vulnerabilities/CVE-2021-29544/44074", + "cve": "CVE-2021-29524", + "id": "pyup.io-44064", + "more_info_path": "/vulnerabilities/CVE-2021-29524/44064", "specs": [ "<2.0.0" ], @@ -59188,9 +60095,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29552", - "id": "pyup.io-44142", - "more_info_path": "/vulnerabilities/CVE-2021-29552/44142", + "cve": "CVE-2021-29532", + "id": "pyup.io-44070", + "more_info_path": "/vulnerabilities/CVE-2021-29532/44070", "specs": [ "<2.0.0" ], @@ -59208,9 +60115,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29532", - "id": "pyup.io-44070", - "more_info_path": "/vulnerabilities/CVE-2021-29532/44070", + "cve": "CVE-2021-29619", + "id": "pyup.io-44143", + "more_info_path": "/vulnerabilities/CVE-2021-29619/44143", "specs": [ "<2.0.0" ], @@ -59228,9 +60135,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29524", - "id": "pyup.io-44064", - "more_info_path": "/vulnerabilities/CVE-2021-29524/44064", + "cve": "CVE-2021-29544", + "id": "pyup.io-44074", + "more_info_path": "/vulnerabilities/CVE-2021-29544/44074", "specs": [ "<2.0.0" ], 
@@ -59258,9 +60165,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2020-8286", - "id": "pyup.io-44155", - "more_info_path": "/vulnerabilities/CVE-2020-8286/44155", + "cve": "CVE-2021-29515", + "id": "pyup.io-44166", + "more_info_path": "/vulnerabilities/CVE-2021-29515/44166", "specs": [ "<2.0.0" ], @@ -59288,19 +60195,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29577", - "id": "pyup.io-44171", - "more_info_path": "/vulnerabilities/CVE-2021-29577/44171", - "specs": [ - "<2.0.0" - ], - "v": "<2.0.0" - }, - { - "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29533", - "id": "pyup.io-44089", - "more_info_path": "/vulnerabilities/CVE-2021-29533/44089", + "cve": "CVE-2021-29567", + "id": "pyup.io-44086", + "more_info_path": "/vulnerabilities/CVE-2021-29567/44086", "specs": [ "<2.0.0" ], @@ -59308,9 +60205,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29551", - "id": "pyup.io-44096", - "more_info_path": "/vulnerabilities/CVE-2021-29551/44096", + "cve": "CVE-2021-29577", + "id": "pyup.io-44171", + "more_info_path": "/vulnerabilities/CVE-2021-29577/44171", "specs": [ "<2.0.0" ], @@ -59318,9 +60215,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29567", - "id": "pyup.io-44086", - "more_info_path": "/vulnerabilities/CVE-2021-29567/44086", + "cve": "CVE-2021-29533", + "id": "pyup.io-44089", + "more_info_path": "/vulnerabilities/CVE-2021-29533/44089", "specs": [ "<2.0.0" ], 
@@ -59388,9 +60285,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2020-8285", - "id": "pyup.io-44172", - "more_info_path": "/vulnerabilities/CVE-2020-8285/44172", + "cve": "CVE-2021-29606", + "id": "pyup.io-44128", + "more_info_path": "/vulnerabilities/CVE-2021-29606/44128", "specs": [ "<2.0.0" ], @@ -59398,9 +60295,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29576", - "id": "pyup.io-44169", - "more_info_path": "/vulnerabilities/CVE-2021-29576/44169", + "cve": "CVE-2021-29540", + "id": "pyup.io-44094", + "more_info_path": "/vulnerabilities/CVE-2021-29540/44094", "specs": [ "<2.0.0" ], @@ -59408,9 +60305,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29606", - "id": "pyup.io-44128", - "more_info_path": "/vulnerabilities/CVE-2021-29606/44128", + "cve": "CVE-2021-29593", + "id": "pyup.io-44114", + "more_info_path": "/vulnerabilities/CVE-2021-29593/44114", "specs": [ "<2.0.0" ], @@ -59418,9 +60315,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29540", - "id": "pyup.io-44094", - "more_info_path": "/vulnerabilities/CVE-2021-29540/44094", + "cve": "CVE-2021-29601", + "id": "pyup.io-44125", + "more_info_path": "/vulnerabilities/CVE-2021-29601/44125", "specs": [ "<2.0.0" ], @@ -59428,9 +60325,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29593", - "id": "pyup.io-44114", - "more_info_path": "/vulnerabilities/CVE-2021-29593/44114", + "cve": "CVE-2020-8285", + "id": "pyup.io-44172", + "more_info_path": "/vulnerabilities/CVE-2020-8285/44172", "specs": [ "<2.0.0" ], 
@@ -59438,9 +60335,19 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29601", - "id": "pyup.io-44125", - "more_info_path": "/vulnerabilities/CVE-2021-29601/44125", + "cve": "CVE-2021-29576", + "id": "pyup.io-44169", + "more_info_path": "/vulnerabilities/CVE-2021-29576/44169", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29600", + "id": "pyup.io-44124", + "more_info_path": "/vulnerabilities/CVE-2021-29600/44124", "specs": [ "<2.0.0" ], @@ -59458,9 +60365,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29600", - "id": "pyup.io-44124", - "more_info_path": "/vulnerabilities/CVE-2021-29600/44124", + "cve": "CVE-2021-29523", + "id": "pyup.io-44068", + "more_info_path": "/vulnerabilities/CVE-2021-29523/44068", "specs": [ "<2.0.0" ], @@ -59468,9 +60375,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29541", - "id": "pyup.io-44130", - "more_info_path": "/vulnerabilities/CVE-2021-29541/44130", + "cve": "CVE-2021-29528", + "id": "pyup.io-44117", + "more_info_path": "/vulnerabilities/CVE-2021-29528/44117", "specs": [ "<2.0.0" ], @@ -59496,6 +60403,16 @@ ], "v": "<2.0.0" }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29609", + "id": "pyup.io-44132", + "more_info_path": "/vulnerabilities/CVE-2021-29609/44132", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2021-29547", 
@@ -59508,9 +60425,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29609", - "id": "pyup.io-44132", - "more_info_path": "/vulnerabilities/CVE-2021-29609/44132", + "cve": "CVE-2021-29603", + "id": "pyup.io-44126", + "more_info_path": "/vulnerabilities/CVE-2021-29603/44126", "specs": [ "<2.0.0" ], @@ -59518,9 +60435,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29561", - "id": "pyup.io-44162", - "more_info_path": "/vulnerabilities/CVE-2021-29561/44162", + "cve": "CVE-2021-29611", + "id": "pyup.io-44133", + "more_info_path": "/vulnerabilities/CVE-2021-29611/44133", "specs": [ "<2.0.0" ], @@ -59528,9 +60445,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29607", - "id": "pyup.io-44131", - "more_info_path": "/vulnerabilities/CVE-2021-29607/44131", + "cve": "CVE-2020-8286", + "id": "pyup.io-44155", + "more_info_path": "/vulnerabilities/CVE-2020-8286/44155", "specs": [ "<2.0.0" ], @@ -59538,9 +60455,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29599", - "id": "pyup.io-44123", - "more_info_path": "/vulnerabilities/CVE-2021-29599/44123", + "cve": "CVE-2021-29561", + "id": "pyup.io-44162", + "more_info_path": "/vulnerabilities/CVE-2021-29561/44162", "specs": [ "<2.0.0" ], @@ -59548,9 +60465,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29568", - "id": "pyup.io-44078", - "more_info_path": "/vulnerabilities/CVE-2021-29568/44078", + "cve": "CVE-2021-29548", + "id": "pyup.io-44091", + "more_info_path": "/vulnerabilities/CVE-2021-29548/44091", "specs": [ "<2.0.0" ], 
@@ -59566,6 +60483,16 @@ ], "v": "<2.0.0" }, + { + "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", + "cve": "CVE-2021-29599", + "id": "pyup.io-44123", + "more_info_path": "/vulnerabilities/CVE-2021-29599/44123", + "specs": [ + "<2.0.0" + ], + "v": "<2.0.0" + }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", "cve": "CVE-2020-8284", @@ -59578,9 +60505,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29548", - "id": "pyup.io-44091", - "more_info_path": "/vulnerabilities/CVE-2021-29548/44091", + "cve": "CVE-2021-29607", + "id": "pyup.io-44131", + "more_info_path": "/vulnerabilities/CVE-2021-29607/44131", "specs": [ "<2.0.0" ], @@ -59588,9 +60515,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29575", - "id": "pyup.io-44165", - "more_info_path": "/vulnerabilities/CVE-2021-29575/44165", + "cve": "CVE-2021-29568", + "id": "pyup.io-44078", + "more_info_path": "/vulnerabilities/CVE-2021-29568/44078", "specs": [ "<2.0.0" ], @@ -59598,9 +60525,9 @@ }, { "advisory": "Jina version 2.0.0 updates its dependency \"Tensorflow\" to v2.4.2 to include security fixes.", - "cve": "CVE-2021-29615", - "id": "pyup.io-44138", - "more_info_path": "/vulnerabilities/CVE-2021-29615/44138", + "cve": "CVE-2021-29575", + "id": "pyup.io-44165", + "more_info_path": "/vulnerabilities/CVE-2021-29575/44165", "specs": [ "<2.0.0" ], 
@@ -59727,38 +60654,6 @@ "v": "<3.4.5" } ], - "jinja": [ - { - "advisory": "Jinja 2.10.1 adds 'SandboxedEnvironment' to handle 'str.format_map' in order to prevent code execution through untrusted format strings.\r\nhttps://github.com/pallets/jinja/commit/a2a6c930bcca591a25d2b316fcfd2d6793897b26", - "cve": "PVE-2022-45137", - "id": "pyup.io-45137", - "more_info_path": "/vulnerabilities/PVE-2022-45137/45137", - "specs": [ - "<2.10.1" - ], - "v": "<2.10.1" - }, - { - "advisory": "jinja 2.7.2 fixes a security issue: Changed the default folder for the filesystem cache to be user specific and read and write protected on UNIX systems. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747 for more information.", - "cve": "PVE-2021-25863", - "id": "pyup.io-25863", - "more_info_path": "/vulnerabilities/PVE-2021-25863/25863", - "specs": [ - "<2.7.2" - ], - "v": "<2.7.2" - }, - { - "advisory": "jinja 2.7.3 fixes a security issue: Corrected the security fix for the cache folder.", - "cve": "PVE-2021-25864", - "id": "pyup.io-25864", - "more_info_path": "/vulnerabilities/PVE-2021-25864/25864", - "specs": [ - "<2.7.3" - ], - "v": "<2.7.3" - } - ], "jinja2": [ { "advisory": "This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the '_punctuation_re regex' operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory.", 
@@ -59791,7 +60686,7 @@ "v": "<2.8.1" }, { - "advisory": "In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.", + "advisory": "Jinja2 2.10.1 adds 'SandboxedEnvironment' to handle 'str.format_map' in order to prevent code execution through untrusted format strings.\r\nhttps://github.com/pallets/jinja/commit/a2a6c930bcca591a25d2b316fcfd2d6793897b26", "cve": "CVE-2019-10906", "id": "pyup.io-54679", "more_info_path": "/vulnerabilities/CVE-2019-10906/54679", @@ -60326,7 +61221,7 @@ ], "jupyter-core": [ { - "advisory": "Jupyter-core 4.11.2 includes a fix for CVE-2022-39286: Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in 'jupyter_core' that stems from 'jupyter_core' executing untrusted files in CWD. This vulnerability allows one user to run code as another.", + "advisory": "Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in 'jupyter_core' that stems from 'jupyter_core' executing untrusted files in CWD. This vulnerability allows one user to run code as another.", "cve": "CVE-2022-39286", "id": "pyup.io-54717", "more_info_path": "/vulnerabilities/CVE-2022-39286/54717", @@ -60821,6 +61716,18 @@ "v": "<0.32.0" } ], + "jupyterlab-iframe": [ + { + "advisory": "Jupyterlab-iframe 0.5.0 updates its dependencies 'ws' to version '7.4.6' to include a fix for a ReDoS vulnerability.\r\nhttps://github.com/timkpaine/jupyterlab_iframe/pull/139", + "cve": "CVE-2021-32640", + "id": "pyup.io-59506", + "more_info_path": "/vulnerabilities/CVE-2021-32640/59506", + "specs": [ + "<0.5.0" + ], + "v": "<0.5.0" + } + ], "jupyterlab-link-share": [ { "advisory": "Jupyterlab-link-share 0.2.1 updates its NPM dependency 'hosted-git-info' to v2.8.9 to include a security fix.", 
@@ -60930,9 +61837,9 @@ }, { "advisory": "Jupytext 1.11.5 updates its NPM dependency 'tar' to v6.1.11 to include security fixes.", - "cve": "CVE-2021-37713", - "id": "pyup.io-49037", - "more_info_path": "/vulnerabilities/CVE-2021-37713/49037", + "cve": "CVE-2021-37712", + "id": "pyup.io-49036", + "more_info_path": "/vulnerabilities/CVE-2021-37712/49036", "specs": [ "<1.11.5" ], @@ -60940,9 +61847,19 @@ }, { "advisory": "Jupytext 1.11.5 updates its NPM dependency 'tar' to v6.1.11 to include security fixes.", - "cve": "CVE-2021-37712", - "id": "pyup.io-49036", - "more_info_path": "/vulnerabilities/CVE-2021-37712/49036", + "cve": "CVE-2021-32803", + "id": "pyup.io-49039", + "more_info_path": "/vulnerabilities/CVE-2021-32803/49039", + "specs": [ + "<1.11.5" + ], + "v": "<1.11.5" + }, + { + "advisory": "Jupytext 1.11.5 updates its NPM dependency 'tar' to v6.1.11 to include security fixes.", + "cve": "CVE-2021-37713", + "id": "pyup.io-49037", + "more_info_path": "/vulnerabilities/CVE-2021-37713/49037", "specs": [ "<1.11.5" ], @@ -60960,9 +61877,9 @@ }, { "advisory": "Jupytext 1.11.5 updates its NPM dependency 'tar' to v6.1.11 to include security fixes.", - "cve": "CVE-2021-32803", - "id": "pyup.io-49039", - "more_info_path": "/vulnerabilities/CVE-2021-32803/49039", + "cve": "CVE-2021-37701", + "id": "pyup.io-41249", + "more_info_path": "/vulnerabilities/CVE-2021-37701/41249", "specs": [ "<1.11.5" ], @@ -60978,16 +61895,6 @@ ], "v": "<1.11.5" }, - { - "advisory": "Jupytext 1.11.5 updates its NPM dependency 'tar' to v6.1.11 to include security fixes.", - "cve": "CVE-2021-37701", - "id": "pyup.io-41249", - "more_info_path": "/vulnerabilities/CVE-2021-37701/41249", - "specs": [ - "<1.11.5" - ], - "v": "<1.11.5" - }, { "advisory": "Jupytext version 1.13.0 updates its jupyterlab extension's dependencies (especially \"ansi-regex\") to handle security vulnerabilities. See CVE-2021-3807.\r\nhttps://github.com/mwouts/jupytext/issues/857", "cve": "CVE-2021-3807", 
@@ -60998,16 +61905,6 @@ ], "v": "<1.13.0" }, - { - "advisory": "Jupytext 1.13.8 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", - "cve": "CVE-2022-0686", - "id": "pyup.io-47983", - "more_info_path": "/vulnerabilities/CVE-2022-0686/47983", - "specs": [ - "<1.13.8" - ], - "v": "<1.13.8" - }, { "advisory": "Jupytext 1.13.8 updates its NPM dependency 'url-parse' to v1.5.10 to include a security fixes.", "cve": "CVE-2022-0512", @@ -61038,6 +61935,16 @@ ], "v": "<1.13.8" }, + { + "advisory": "Jupytext 1.13.8 updates its NPM dependency 'minimist' to v1.2.6 to include a security fix.", + "cve": "CVE-2021-44906", + "id": "pyup.io-47986", + "more_info_path": "/vulnerabilities/CVE-2021-44906/47986", + "specs": [ + "<1.13.8" + ], + "v": "<1.13.8" + }, { "advisory": "Jupytext 1.13.8 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", "cve": "CVE-2022-0691", @@ -61049,15 +61956,25 @@ "v": "<1.13.8" }, { - "advisory": "Jupytext 1.13.8 updates its NPM dependency 'minimist' to v1.2.6 to include a security fix.", - "cve": "CVE-2021-44906", - "id": "pyup.io-47986", - "more_info_path": "/vulnerabilities/CVE-2021-44906/47986", + "advisory": "Jupytext 1.13.8 updates its NPM dependency 'url-parse' to v1.5.10 to include security fixes.", + "cve": "CVE-2022-0686", + "id": "pyup.io-47983", + "more_info_path": "/vulnerabilities/CVE-2022-0686/47983", "specs": [ "<1.13.8" ], "v": "<1.13.8" }, + { + "advisory": "Jupytext 1.14.2 updates its NPM dependency 'loader-utils' to v1.4.1 to include a security fix.", + "cve": "CVE-2022-37601", + "id": "pyup.io-52331", + "more_info_path": "/vulnerabilities/CVE-2022-37601/52331", + "specs": [ + "<1.14.2" + ], + "v": "<1.14.2" + }, { "advisory": "Jupytext 1.14.2 updates its NPM dependency 'moment' to v2.29.4 to include a security fix.", "cve": "CVE-2022-31129", 
@@ -61078,16 +61995,6 @@ ], "v": "<1.14.2" }, - { - "advisory": "Jupytext 1.14.2 updates its NPM dependency 'loader-utils' to v1.4.1 to include a security fix.", - "cve": "CVE-2022-37601", - "id": "pyup.io-52331", - "more_info_path": "/vulnerabilities/CVE-2022-37601/52331", - "specs": [ - "<1.14.2" - ], - "v": "<1.14.2" - }, { "advisory": "Jupytext 1.14.5 updates its NPM dependency 'json5' to v1.0.2 to include a security fix.", "cve": "CVE-2022-46175", @@ -61213,20 +62120,20 @@ ], "kako": [ { - "advisory": "Kako 1.1.0 updates its dependency 'requests' to v2.22.0 to include a security fix.", - "cve": "CVE-2018-18074", - "id": "pyup.io-54901", - "more_info_path": "/vulnerabilities/CVE-2018-18074/54901", + "advisory": "Kako 1.1.0 updates its dependency 'pyyaml' to v5.1.2 to include a security fix.", + "cve": "CVE-2017-18342", + "id": "pyup.io-38720", + "more_info_path": "/vulnerabilities/CVE-2017-18342/38720", "specs": [ "<1.1.0" ], "v": "<1.1.0" }, { - "advisory": "Kako 1.1.0 updates its dependency 'pyyaml' to v5.1.2 to include a security fix.", - "cve": "CVE-2017-18342", - "id": "pyup.io-38720", - "more_info_path": "/vulnerabilities/CVE-2017-18342/38720", + "advisory": "Kako 1.1.0 updates its dependency 'requests' to v2.22.0 to include a security fix.", + "cve": "CVE-2018-18074", + "id": "pyup.io-54901", + "more_info_path": "/vulnerabilities/CVE-2018-18074/54901", "specs": [ "<1.1.0" ], 
@@ -62172,6 +63079,46 @@ ], "v": "<11.6" }, + { + "advisory": "Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the `AUTH_PASSWORD_VALIDATORS` configuration setting. As of version 11.7, the password can\u2019t be too similar to other personal information, must contain at least 10 characters, can\u2019t be a commonly used password, and can\u2019t be entirely numeric. As a workaround, an administrator may reset all passwords in Kiwi TCMS if they think a weak password may have been chosen.", + "cve": "CVE-2023-22451", + "id": "pyup.io-59483", + "more_info_path": "/vulnerabilities/CVE-2023-22451/59483", + "specs": [ + "<11.7" + ], + "v": "<11.7" + }, + { + "advisory": "Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS accepts SVG files uploaded by users which could potentially contain JavaScript code. If SVG images are viewed directly, i.e. not rendered in an HTML page, this JavaScript code could execute. This vulnerability has been fixed by configuring Kiwi TCMS to serve with the Content-Security-Policy HTTP header which blocks inline JavaScript in all modern browsers. This configuration change is provided in version 12.1 and users are advised to upgrade. Users unable to upgrade may set their Content-Security-Policy HTTP header manually.\r\n\r\nAlias:\r\nGHSA-2wcr-87wf-cf9j", + "cve": "CVE-2023-27489", + "id": "pyup.io-59484", + "more_info_path": "/vulnerabilities/CVE-2023-27489/59484", + "specs": [ + "<12.1" + ], + "v": "<12.1" + }, + { + "advisory": "Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. 
Thus, a malicious actor may upload an `.exe` file or a file containing embedded JavaScript and trick others into clicking on these files, causing vulnerable browsers to execute malicious code on another computer.\r\n\r\nKiwi TCMS v12.2 comes with functionality that allows administrators to configure additional upload validator functions which give them more control over what file types are accepted for upload. By default `.exe` are denied. Other files containing the `