{ "bomFormat" : "CycloneDX", "specVersion" : "1.5", "serialNumber" : "urn:uuid:afe33a22-1e62-4f06-a5b2-fbec3951d3c8", "version" : 1, "metadata" : { "timestamp" : "2023-10-13T10:44:12Z", "tools" : [ { "vendor" : "OWASP", "name" : "Dependency-Track", "version" : "4.9.0-SNAPSHOT" } ], "component" : { "name" : "test", "version" : "SNAPSHOT", "type" : "operating-system", "bom-ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } }, "vulnerabilities" : [ { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : 
"2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", 
"source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 
7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "0b2fc1de-87ad-4643-9851-eaa383ae28eb", "id" : "CVE-2021-3782", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.6, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "cwes" : [ 190 ], "description" : "An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. 
With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time.", "published" : "2022-09-23T16:15:00Z", "updated" : "2023-06-26T17:47:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "1da48be4-20d9-4b31-84bd-f76ec16f8fa0", "id" : "CVE-2022-27404", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 787 ], "description" : "FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.", "published" : "2022-04-22T14:15:00Z", "updated" : "2022-07-27T13:44:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "232d274a-3f3a-43a7-9f20-d46c391dad92", "id" : "CVE-2022-27405", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, 
"severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.", "published" : "2022-04-22T14:15:00Z", "updated" : "2022-07-27T16:04:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "da0c3a1e-0cd4-4d17-9d51-67cef7b349ce", "id" : "CVE-2022-27406", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.", "published" : "2022-04-22T14:15:00Z", "updated" : "2022-07-27T16:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 
7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "cb0c0993-9754-438e-bb03-9f4af14ede29", "id" : "CVE-2022-44638", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 8.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "cwes" : [ 190 ], "description" : "In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y.", "published" : "2022-11-03T06:15:00Z", "updated" : "2022-12-13T20:25:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "69296be3-5679-4162-a0da-4bb3a303e28a", "id" : "CVE-2023-3138", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 787 ], "description" : "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. 
As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "published" : "2023-06-28T21:15:00Z", "updated" : "2023-07-07T13:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An 
issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : 
"2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "465722af-a3f8-4472-b20a-552299b81ba4", "id" : "CVE-2020-35492", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.8, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:M/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "cwes" : [ 787 ], "description" : "A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. 
The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability.", "published" : "2021-03-18T19:15:00Z", "updated" : "2023-05-03T12:15:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "6048b3a6-0573-4fff-a080-5230f7f293c9", "id" : "CVE-2019-6461", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.3, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:M/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "cwes" : [ 617 ], "description" : "An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.", "published" : "2019-01-16T18:29:00Z", "updated" : "2021-03-04T17:24:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ba70a317-2d12-41e4-ab0c-0d1da6eeddd2", "id" : "CVE-2019-6462", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.3, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:M/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "cwes" : [ 835 ], "description" : "An issue was discovered in cairo 1.16.0. 
There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.", "published" : "2019-01-16T18:29:00Z", "updated" : "2021-03-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "6860e780-270c-4119-93ca-351311accc83", "id" : "CVE-2018-19876", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.3, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:M/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a \"free(): invalid pointer\" error.", "published" : "2018-12-05T20:29:00Z", "updated" : "2019-01-31T19:27:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : 
"resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "c65f5af2-ba8a-47e1-9da6-aaf6f92c29ef", "id" : "CVE-2023-28484", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.", "published" : "2023-04-24T21:15:00Z", "updated" : "2023-06-01T14:15:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "83cd7331-3a0c-418e-b4b4-3377b74b2361", "id" : "CVE-2023-29469", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "cwes" : [ 415 ], "description" : "An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. 
This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value).", "published" : "2023-04-24T21:15:00Z", "updated" : "2023-06-01T14:15:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f9f93da0-3282-43a9-8d17-5f5a92c15483", "id" : "CVE-2023-45322", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "** DISPUTED ** libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "published" : "2023-10-06T22:15:00Z", "updated" : "2023-10-11T18:13:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : 
"2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "b8b5eeb1-0c2e-4bdb-a604-6e1eb31b607b", "id" : "CVE-2022-40303", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 190 ], "description" : "An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.", "published" : "2022-11-23T00:15:00Z", "updated" : "2023-01-11T17:29:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "656e1179-fb30-44c3-98ff-c1898b803fb7", "id" : "CVE-2022-40304", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "cwes" : [ 415 ], "description" : "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. 
In one case, a double-free can be provoked.", "published" : "2022-11-23T18:15:00Z", "updated" : "2023-08-08T14:22:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : 
"48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8bf7ff4e-bebf-4d1d-b866-dd044b7664e5", "id" : "CVE-2022-29824", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.3, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:M/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "cwes" : [ 190 ], "description" : "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. 
Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.", "published" : "2022-05-03T03:15:00Z", "updated" : "2023-01-11T17:33:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] 
}, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "242cffc6-e17b-4af1-b67c-851ec6b04ace", "id" : "CVE-2000-0006", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.6, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:H/Au:N/C:P/I:P/A:N)" } ], "description" : "strace allows local users to read arbitrary files via memory mapped file names.", "published" : "1999-12-25T05:00:00Z", "updated" : "2017-10-10T01:29:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : 
"(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ae0cde2a-c78d-4ae6-b6b0-c1cdd464961b", "id" : "CVE-2018-13410", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. 
NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value, given that the entire purpose of -TT is execution of arbitrary commands.", "published" : "2018-07-06T19:29:00Z", "updated" : "2018-08-27T15:16:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 
7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 
7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "c096e816-7da4-4cb0-97d4-ea7813ad6d69", "id" : "CVE-2021-46828", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 755, 835 ], "description" : "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. 
This can, in turn, lead to an svc_run infinite loop without accepting new connections.", "published" : "2022-07-20T06:15:00Z", "updated" : "2023-08-08T14:22:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { 
"bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : 
"medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "28cf0cc4-ed04-494b-baac-e30903189aa3", "id" : "CVE-2023-2602", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 3.3, "severity" : "low", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "cwes" : [ 401 ], "description" : "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to cause __real_pthread_create() to return an error, which can exhaust the process memory.", "published" : "2023-06-06T20:15:00Z", "updated" : "2023-06-14T18:07:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "81c4459e-f15a-4e93-a6af-86afb1da4952", "id" : "CVE-2023-2603", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 190 ], "description" : "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "published" : "2023-06-06T20:15:00Z", "updated" : "2023-06-21T19:02:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information 
disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : 
"48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "b6489e1e-e5f3-45b9-9cd7-cb69c5a27cdb", "id" : "CVE-2022-35737", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 129 ], "description" : "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "published" : "2022-08-03T06:15:00Z", "updated" : "2022-11-16T20:01:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "e5f63d1e-2c64-4a84-a5f4-8b5d8fec0e41", "id" : "CVE-2022-46908", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.3, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" } ], "description" : "SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.", "published" : "2022-12-12T06:15:00Z", "updated" : "2023-03-07T18:21:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via 
network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", 
"source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { 
"source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "451f97e9-0045-4610-9d21-22a466106a00", "id" : "CVE-2023-29499", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 400 ], "description" : "A flaw was found in GLib. 
GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "published" : "2023-09-14T20:15:00Z", "updated" : "2023-09-25T20:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "abc71931-4b82-47ca-9a9e-4c580ae9f859", "id" : "CVE-2023-32636", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 400 ], "description" : "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "published" : "2023-09-14T20:15:00Z", "updated" : "2023-09-19T18:59:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "1eb64494-775c-4f3f-8dd6-89c2d4030fa4", "id" : "CVE-2023-32665", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "cwes" : [ 502 ], "description" : "A flaw was found in GLib. 
GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "published" : "2023-09-14T20:15:00Z", "updated" : "2023-09-25T20:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "dfe7f29d-141b-4871-b046-756707a3db30", "id" : "CVE-2023-32611", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "cwes" : [ 400 ], "description" : "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "published" : "2023-09-14T20:15:00Z", "updated" : "2023-09-25T20:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "1cfae8a5-7ae4-457c-8fcf-cb9c10bc0fe1", "id" : "CVE-2023-32643", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "cwes" : [ 787 ], "description" : "A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. 
This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665.", "published" : "2023-09-14T20:15:00Z", "updated" : "2023-09-20T14:32:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "a0252d95-fc8a-4c05-a377-84a9accee3c4", "id" : "CVE-2023-23914", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.1, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "cwes" : [ 319 ], "description" : "A cleartext transmission of sensitive information vulnerability exists in curl qdev.blocksize from being 256. This stops QEMU and the guest immediately.", "published" : "2023-09-11T04:15:00Z", "updated" : "2023-09-13T14:32:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "4d685221-6575-4f9d-9e7e-5b14d622d2c9", "id" : "CVE-2022-0358", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 273 ], "description" : "A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. 
A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.", "published" : "2022-08-29T15:15:00Z", "updated" : "2022-12-09T18:00:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "df24c652-8da4-495c-a952-5a45c1152cf6", "id" : "CVE-2022-26353", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 772 ], "description" : "A flaw was found in the virtio-net device of QEMU. 
This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.", "published" : "2022-03-16T15:15:00Z", "updated" : "2023-02-12T22:15:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f7ac83c0-e2c4-4815-ae84-ee9260ba65f2", "id" : "CVE-2022-26354", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 3.2, "severity" : "low", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L" } ], "cwes" : [ 772 ], "description" : "A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.", "published" : "2022-03-16T15:15:00Z", "updated" : "2023-02-12T22:15:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "3bbf8ead-ce82-4780-9195-8c2f277bab47", "id" : "CVE-2022-2962", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 662 ], "description" : "A DMA reentrancy issue was found in the Tulip device emulation in QEMU. When Tulip reads or writes to the rx/tx descriptor or copies the rx/tx frame, it doesn't check whether the destination address is its own MMIO address. 
This can cause the device to trigger MMIO handlers multiple times, possibly leading to a stack or heap overflow. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.", "published" : "2022-09-13T20:15:00Z", "updated" : "2023-06-28T20:40:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ba46e99d-6a70-47fc-bb37-9fe88eca79a0", "id" : "CVE-2022-3165", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 191 ], "description" : "An integer underflow issue was found in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could use this flaw to make QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service.", "published" : "2022-10-17T16:15:00Z", "updated" : "2023-01-20T13:33:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "a8188136-7004-4a1a-8d87-22d555a5a596", "id" : "CVE-2021-20255", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 674 ], "description" : "A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. 
This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.", "published" : "2021-03-09T20:15:00Z", "updated" : "2022-08-05T17:52:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "dc81acb5-0b2e-4765-b37b-4d48ecf2e0ed", "id" : "CVE-2022-35414", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.1, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:P/A:C)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 8.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "cwes" : [ 908 ], "description" : "** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. 
NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here, i.e., \"Bugs affecting the non-virtualization use case are not considered security bugs at this time.\"", "published" : "2022-07-11T02:15:00Z", "updated" : "2022-12-09T16:14:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "d0bdf478-43a1-414d-bacd-ef87b4924e32", "id" : "CVE-2022-36648", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 10.0, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "cwes" : [ 476 ], "description" : "The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS.", "published" : "2023-08-22T19:16:00Z", "updated" : "2023-10-06T15:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "849b28b4-6bfa-4b8e-bf38-bf46cba73085", "id" : "CVE-2022-3872", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 8.6, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" } ], "cwes" : [ 193 ], "description" : "An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. 
A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.", "published" : "2022-11-07T21:15:00Z", "updated" : "2023-02-23T01:35:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "083a8d9f-82b8-4d5a-849c-7a7cae7aad8c", "id" : "CVE-2022-4144", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.", "published" : "2022-11-29T18:15:00Z", "updated" : "2023-03-29T18:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "52a66876-ee4c-4819-8930-ac4e0b7851d2", "id" : "CVE-2021-3611", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "cwes" : [ 119 ], "description" : "A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. 
The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.", "published" : "2022-05-11T16:15:00Z", "updated" : "2023-02-12T23:41:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "3ca5b34a-fd69-4ea7-aa2d-78778b76136b", "id" : "CVE-2021-3750", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.6, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 8.2, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. 
This flaw affects QEMU versions before 7.0.0.", "published" : "2022-05-02T19:15:00Z", "updated" : "2023-02-12T23:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "612aadee-7f4b-4f21-8c21-09a3f11767a2", "id" : "CVE-2021-3929", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 8.2, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.", "published" : "2022-08-25T20:15:00Z", "updated" : "2022-10-01T02:28:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "e4454fe1-7b5b-4c60-bd13-451416694162", "id" : "CVE-2021-4206", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.6, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 8.2, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "cwes" : [ 190, 120, 131 ], "description" : "A flaw was found in the QXL display device emulation in QEMU. 
An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.", "published" : "2022-04-29T17:15:00Z", "updated" : "2022-09-23T15:13:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "a518bd55-a265-432e-b15b-0b4231536896", "id" : "CVE-2021-4207", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.6, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 8.2, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "cwes" : [ 362, 120 ], "description" : "A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. 
A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process.", "published" : "2022-04-29T17:15:00Z", "updated" : "2022-11-29T16:21:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "d979e03d-5a7c-4b55-abfb-6a7e454b8583", "id" : "CVE-2021-3947", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 125 ], "description" : "A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information.", "published" : "2022-02-18T18:15:00Z", "updated" : "2022-10-25T20:16:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "2a98791c-074e-45cd-acc7-5dec26babb85", "id" : "CVE-2021-4158", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.0, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A NULL pointer dereference issue was found in the ACPI code of QEMU. 
A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.", "published" : "2022-08-24T16:15:00Z", "updated" : "2023-02-12T23:43:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "e633252a-03c6-43fe-b69e-e1c84ee493d0", "id" : "CVE-2007-0998", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.3, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:M/Au:N/C:P/I:N/A:N)" } ], "cwes" : [ 264 ], "description" : "The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. 
NOTE: some of these details are obtained from third party information.", "published" : "2007-03-20T10:19:00Z", "updated" : "2017-10-11T01:31:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : 
"CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "a6bf43e5-429a-48dd-848d-6f2f3d8d7d93", "id" : "CVE-2023-4527", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "published" : "2023-09-18T17:15:00Z", "updated" : "2023-10-05T16:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "47a2f8a2-8f2d-44a9-aa29-a4e5ad887c3f", "id" : "CVE-2023-5156", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 401 ], "description" : "A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.", "published" : "2023-09-25T16:15:00Z", "updated" : "2023-10-04T00:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "122cbfd1-e25e-44d8-a100-03b2797d3d23", "id" : "CVE-2023-4813", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.9, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. 
This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "published" : "2023-09-12T22:15:00Z", "updated" : "2023-10-13T01:18:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "3698db3d-6743-4918-8821-6610c3d8b37a", "id" : "CVE-2010-4756", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:N/I:N/A:P)" } ], "cwes" : [ 399 ], "description" : "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "published" : "2011-03-02T20:00:00Z", "updated" : "2021-09-01T12:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : 
"48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "69e2daba-42b2-453a-8b05-bf68740d14da", "id" : "CVE-2021-35937", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.4, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 367 ], "description" : "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "published" : "2022-08-25T20:15:00Z", "updated" : "2023-06-26T17:48:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "384c914b-cf6c-4e24-8265-3ef9195685df", "id" : "CVE-2021-35938", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 59 ], "description" : "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "published" : "2022-08-25T20:15:00Z", "updated" : "2022-11-29T18:06:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9619b9eb-c1f2-4ea8-b92d-efe3de12a8d9", "id" : "CVE-2021-35939", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 59 ], "description" : "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "published" : "2022-08-26T16:15:00Z", "updated" : "2023-02-04T01:16:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 
7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 
7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f43b447b-9a3d-42d4-962c-b596a015e4da", "id" : "CVE-2023-4733", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "Use After Free in GitHub repository vim/vim prior to 9.0.1840.", "published" : "2023-09-04T14:15:00Z", "updated" : "2023-09-18T02:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "a98552df-2b80-4602-b274-5a06d69a2a9e", "id" : "CVE-2023-4734", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "cwes" : [ 190 ], "description" : "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "published" : "2023-09-02T18:15:00Z", "updated" : "2023-09-08T15:22:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "334b2233-133b-4fc0-9c31-fff546434384", "id" : "CVE-2023-4735", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "cwes" : [ 787 ], "description" : "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "published" : "2023-09-02T18:15:00Z", "updated" : "2023-09-08T15:28:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "884b00d5-6897-4ba6-baaa-2560f87ae415", "id" : "CVE-2023-4736", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "cwes" : [ 426 ], "description" : "Untrusted Search Path in GitHub 
repository vim/vim prior to 9.0.1833.", "published" : "2023-09-02T19:15:00Z", "updated" : "2023-09-08T16:37:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "be92b432-70af-4cf6-b8ce-5c90470dcbc7", "id" : "CVE-2023-4738", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "cwes" : [ 122 ], "description" : "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "published" : "2023-09-02T20:15:00Z", "updated" : "2023-09-08T14:46:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "71aa23c6-af02-4858-80fc-150859d5e2f0", "id" : "CVE-2023-4750", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "Use After Free in GitHub repository vim/vim prior to 9.0.1857.", "published" : "2023-09-04T14:15:00Z", "updated" : "2023-09-18T02:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "84648045-ce9f-465b-9c60-41b9a6dd1b74", "id" : "CVE-2023-4752", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "Use After Free in GitHub repository vim/vim prior to 9.0.1858.", "published" : "2023-09-04T14:15:00Z", "updated" : "2023-09-29T17:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : 
"38a9050f-7ff6-4395-b9c1-eb871310ecaa", "id" : "CVE-2023-4781", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "cwes" : [ 122 ], "description" : "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "published" : "2023-09-05T19:15:00Z", "updated" : "2023-09-29T17:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f6ba40c9-d4ef-4d13-817a-d69aceba3a4d", "id" : "CVE-2023-5344", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 122 ], "description" : "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.", "published" : "2023-10-02T20:15:00Z", "updated" : "2023-10-13T03:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "0ce1a3f0-eff8-4699-a0cb-e7eea8dd3852", "id" : "CVE-2023-5441", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 8.2, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.", "published" : "2023-10-05T21:15:00Z", "updated" : "2023-10-10T14:51:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", 
"url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : 
"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" 
: "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", 
"source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" 
: "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. 
A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "7b876ab8-2b04-462f-9248-4a3e07d0e98b", "id" : "CVE-2019-13636", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.8, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:M/Au:N/C:N/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.9, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "cwes" : [ 59 ], "description" : "In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.", "published" : "2019-07-17T21:15:00Z", "updated" : "2019-07-24T17:15:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "a597b67a-4e3f-47d3-9d34-1c0ee583d605", "id" : "CVE-2019-20633", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.3, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:M/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "cwes" : [ 415 ], "description" : "GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. 
NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.", "published" : "2020-03-25T17:15:00Z", "updated" : "2020-11-05T14:54:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "7d4612f8-246b-49e8-8d63-f6f6f7c1eb63", "id" : "CVE-2018-20969", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.3, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:M/Au:N/C:C/I:C/A:C)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "cwes" : [ 78 ], "description" : "do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.", "published" : "2019-08-16T04:15:00Z", "updated" : "2019-09-05T16:15:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "aadad198-633a-46d6-95f3-6bafa13bc66d", "id" : "CVE-2018-6951", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "An issue was discovered in GNU patch through 2.7.6. 
There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a \"mangled rename\" issue.", "published" : "2018-02-13T19:29:00Z", "updated" : "2019-04-17T20:29:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f5cfbaa8-41b9-4e75-bcaa-addc6eaf4342", "id" : "CVE-2018-6952", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 415 ], "description" : "A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.", "published" : "2018-02-13T19:29:00Z", "updated" : "2019-04-17T20:29:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "a9c9aced-eb71-4550-a0cc-3c04bca65c4f", "id" : "CVE-2019-13638", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.3, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:M/Au:N/C:C/I:C/A:C)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "cwes" : [ 78 ], "description" : "GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. 
This is different from CVE-2018-1000156.", "published" : "2019-07-26T13:15:00Z", "updated" : "2019-08-16T12:15:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "b7fde0ff-384a-42d8-a2f3-f130c898fcf3", "id" : "CVE-2018-1000156", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.8, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:M/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "cwes" : [ 20 ], "description" : "GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.", "published" : "2018-04-06T13:29:00Z", "updated" : "2019-07-30T10:15:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ed3e63b7-486f-4356-b15e-245fee3575ab", "id" : "CVE-2023-0160", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 667 ], "description" : "A deadlock flaw was found in the Linux kernel’s BPF subsystem. 
This flaw allows a local user to potentially crash the system.", "published" : "2023-07-18T17:15:00Z", "updated" : "2023-07-27T19:48:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "e10a39f5-b0fe-49a2-8381-d04b8191190a", "id" : "CVE-2023-2002", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.8, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "cwes" : [ 863 ], "description" : "A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.", "published" : "2023-05-26T17:15:00Z", "updated" : "2023-08-19T18:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "43437a78-a908-4845-9bcd-4ae7a8e0db8a", "id" : "CVE-2023-3212", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.4, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. 
A privileged local user could use this flaw to cause a kernel panic.", "published" : "2023-06-23T20:15:00Z", "updated" : "2023-09-29T22:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "096bf87b-f58b-445a-b114-67d04733a344", "id" : "CVE-2023-32250", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 8.1, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 362 ], "description" : "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.", "published" : "2023-07-10T16:15:00Z", "updated" : "2023-08-24T19:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "abd31071-6b12-4c8d-b19d-cb9416f43231", "id" : "CVE-2023-32254", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 8.1, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 362 ], "description" : "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. 
An attacker can leverage this vulnerability to execute code in the context of the kernel.", "published" : "2023-07-10T16:15:00Z", "updated" : "2023-08-24T19:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "07be5799-497f-474c-92dc-d71dea18839d", "id" : "CVE-2023-3268", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.1, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.", "published" : "2023-06-16T19:15:00Z", "updated" : "2023-08-24T19:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f8cc44ee-7efe-46b2-9432-8d21a5fa2558", "id" : "CVE-2023-4273", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 787 ], "description" : "A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. 
Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.", "published" : "2023-08-09T15:15:00Z", "updated" : "2023-09-10T12:16:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "e6cef707-9cba-4df6-99ed-9d2f7489a5b0", "id" : "CVE-2023-0179", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 190 ], "description" : "A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.", "published" : "2023-03-27T22:15:00Z", "updated" : "2023-08-11T19:12:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "b619aa98-cb62-4738-859b-6801eabe80b2", "id" : "CVE-2023-0266", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. 
We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e", "published" : "2023-01-30T14:15:00Z", "updated" : "2023-08-29T17:59:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "16a63381-9b8d-4bd3-914c-f0331a419dcb", "id" : "CVE-2023-0386", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "description" : "A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.", "published" : "2023-03-22T21:15:00Z", "updated" : "2023-06-26T16:56:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "66f5b013-d367-4485-8f83-035f8b85955f", "id" : "CVE-2023-23559", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 190 ], "description" : "In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.", "published" : "2023-01-13T01:15:00Z", "updated" : "2023-07-20T19:00:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "a6e1a902-679a-466a-89cb-80edad9184ac", "id" : "CVE-2023-0394", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", 
"vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.", "published" : "2023-01-26T21:18:00Z", "updated" : "2023-05-03T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "6ae56469-fcc3-4495-9452-dfd8deda4085", "id" : "CVE-2023-0615", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 369, 190, 401 ], "description" : "A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled.", "published" : "2023-02-06T23:15:00Z", "updated" : "2023-02-14T23:38:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "efabba40-00bf-470a-9542-8e287b821bf6", "id" : "CVE-2023-1513", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 3.3, "severity" : "low", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "cwes" : [ 665 ], "description" : "A flaw was found in KVM. 
When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak.", "published" : "2023-03-23T21:15:00Z", "updated" : "2023-05-03T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "d01b33b6-18b8-457c-b6e7-471ab0d3c820", "id" : "CVE-2023-2162", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.", "published" : "2023-04-19T20:15:00Z", "updated" : "2023-05-03T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f32f1fdd-6edd-443c-850b-aa1eea964763", "id" : "CVE-2023-23005", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "** DISPUTED ** In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). 
NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached.", "published" : "2023-03-01T20:15:00Z", "updated" : "2023-03-13T15:23:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "3921a14c-03c0-4f65-b656-42d1c1ac4e04", "id" : "CVE-2023-2430", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 667 ], "description" : "A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. This flaw allows a local attacker with user privilege to trigger a Denial of Service threat.", "published" : "2023-07-23T02:15:00Z", "updated" : "2023-09-10T12:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "54ef26fc-1e01-44e4-b874-c63b8fc67507", "id" : "CVE-2023-28328", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. 
This flaw allows a local user to crash the system or potentially cause a denial of service.", "published" : "2023-04-19T23:15:00Z", "updated" : "2023-05-03T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ddf92578-a515-4b5c-92b4-e98356534a67", "id" : "CVE-2023-3161", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 682 ], "description" : "A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service.", "published" : "2023-06-12T20:15:00Z", "updated" : "2023-06-22T00:17:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "6fbbd9d0-b796-48e6-a7c3-7fa3f4d60f52", "id" : "CVE-2023-3358", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. 
This issue could allow a local user to crash the system.", "published" : "2023-06-28T22:15:00Z", "updated" : "2023-07-06T16:54:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "42c95050-9438-4f0e-b894-2623ad652d35", "id" : "CVE-2023-3359", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "An issue was discovered in the Linux kernel in brcm_nvram_parse in drivers/nvmem/brcm_nvram.c. The lack of a check of the return value of kzalloc() can cause a NULL pointer dereference.", "published" : "2023-06-28T22:15:00Z", "updated" : "2023-07-06T16:56:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "80ba4311-bf09-4eee-a0f2-0982f0d1437c", "id" : "CVE-2023-0458", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 476 ], "description" : "A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. 
We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11", "published" : "2023-04-26T19:15:00Z", "updated" : "2023-05-09T13:58:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f5fd4d2d-ebde-4ea8-983d-921e8457b542", "id" : "CVE-2023-0459", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 763 ], "description" : "Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the \"access_ok\" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47", "published" : "2023-05-25T14:15:00Z", "updated" : "2023-06-06T13:47:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ef5c53b6-fa62-4e63-82b7-5e27d1763054", "id" : "CVE-2023-0461", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. 
The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c", "published" : "2023-02-28T15:15:00Z", "updated" : "2023-06-06T19:16:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "692d734b-6bd5-4a10-8c45-b7b060e1b7b0", "id" : "CVE-2023-0468", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference.", "published" : "2023-01-26T21:18:00Z", "updated" : "2023-02-01T15:59:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "5d36c68e-8046-46d8-b24d-1912d3a74a52", "id" : "CVE-2023-0469", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. 
This flaw may lead to a denial of service.", "published" : "2023-01-26T21:18:00Z", "updated" : "2023-02-01T15:58:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "c98c3e26-f152-4b83-855a-8309192e3e37", "id" : "CVE-2023-0590", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected.", "published" : "2023-03-23T21:15:00Z", "updated" : "2023-03-28T16:24:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "e387fd41-660c-48c1-b5b7-236da2d3674a", "id" : "CVE-2023-1195", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. 
The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request.", "published" : "2023-05-18T22:15:00Z", "updated" : "2023-05-26T18:27:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "fa8a30e2-97f4-4ea0-aa13-6a52ae78dd5e", "id" : "CVE-2023-1382", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. This issue leads to a NULL pointer dereference when accessing con->sock->sk in net/tipc/topsrv.c in the tipc protocol in the Linux kernel.", "published" : "2023-04-19T23:15:00Z", "updated" : "2023-04-28T03:49:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ee427a4e-093d-436d-804b-4b4ff2ae4e1c", "id" : "CVE-2023-2166", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. 
A local user could use this flaw to crash the system or potentially cause a denial of service.", "published" : "2023-04-19T23:15:00Z", "updated" : "2023-04-29T03:08:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "5ff603ec-ea0b-4f68-a184-18884838fcfa", "id" : "CVE-2023-3355", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system.", "published" : "2023-06-28T21:15:00Z", "updated" : "2023-08-02T15:42:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "278d15e8-54d1-4571-bc26-8de3637fdea1", "id" : "CVE-2023-1078", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 843 ], "description" : "A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. 
It is known how to trigger this, which causes an out of bounds access, and a lock corruption.", "published" : "2023-03-27T21:15:00Z", "updated" : "2023-06-26T16:55:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "7a1a4043-36a9-496c-9e6b-c739b2b8df89", "id" : "CVE-2023-1079", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.8, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.", "published" : "2023-03-27T21:15:00Z", "updated" : "2023-05-03T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "c4470c18-3bc5-4f86-8ba2-8e9d73b08736", "id" : "CVE-2023-1855", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.3, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. 
This vulnerability could even lead to a kernel information leak problem.", "published" : "2023-04-05T20:15:00Z", "updated" : "2023-08-02T17:12:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "e03c948c-5e05-439e-8847-40639b603816", "id" : "CVE-2023-1990", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem.", "published" : "2023-04-12T20:15:00Z", "updated" : "2023-05-03T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "0c812094-1968-4ffb-be0d-df55ddd5f326", "id" : "CVE-2023-1998", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.6, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. 
The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.", "published" : "2023-04-21T15:15:00Z", "updated" : "2023-05-03T15:16:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "bff5513a-8987-4f8e-a961-74b93a04d9f8", "id" : "CVE-2023-2194", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 787 ], "description" : "An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace \"data->block[0]\" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.", "published" : "2023-04-20T21:15:00Z", "updated" : "2023-05-03T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "d9b4f57b-85de-4805-9d12-96c8b78444ca", "id" : "CVE-2023-2985", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. 
This flaw could allow a local user to cause a denial of service problem.", "published" : "2023-06-01T01:15:00Z", "updated" : "2023-06-07T19:00:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "d1c5eda9-e7e5-4e5a-ad49-06de0e330fd0", "id" : "CVE-2023-3220", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference.", "published" : "2023-06-20T20:15:00Z", "updated" : "2023-06-27T12:44:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "6811d138-fb71-46bc-927b-09f1e2b5230f", "id" : "CVE-2023-39191", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 8.2, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "description" : "An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. 
This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.", "published" : "2023-10-04T19:15:00Z", "updated" : "2023-10-06T22:30:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "3cd9b109-a864-4d8d-b934-a6553dc3f5f0", "id" : "CVE-2023-4133", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.", "published" : "2023-08-03T15:15:00Z", "updated" : "2023-08-08T14:29:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "4adf82b3-578e-4eb5-8a9f-f1a22a67786e", "id" : "CVE-2023-42755", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. 
This issue may allow a local user to crash the system and cause a denial of service.", "published" : "2023-10-05T19:15:00Z", "updated" : "2023-10-11T17:42:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "03f7bf42-9cdd-49b0-bda2-f4132c3ffabe", "id" : "CVE-2023-1095", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.", "published" : "2023-02-28T23:15:00Z", "updated" : "2023-03-06T14:41:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "80a4d733-4bbe-4d30-9b31-ab7a6dc6ee2c", "id" : "CVE-2023-2007", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 667 ], "description" : "The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. 
An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.", "published" : "2023-04-24T23:15:00Z", "updated" : "2023-08-19T18:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "00d5731d-8848-4e03-a9a4-489bb7f37154", "id" : "CVE-2023-2019", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.4, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "description" : "A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system.", "published" : "2023-04-24T21:15:00Z", "updated" : "2023-05-04T14:42:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "c7df13fc-3130-4d45-b874-a240aa3f3728", "id" : "CVE-2023-28327", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. 
This flaw allows a local user to crash or potentially cause a denial of service.", "published" : "2023-04-19T23:15:00Z", "updated" : "2023-04-29T03:12:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9b5a5af5-9ad0-4fde-9fa4-9e5b12e5399b", "id" : "CVE-2023-4394", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.0, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information", "published" : "2023-08-17T13:15:00Z", "updated" : "2023-08-23T20:16:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "4f33d0e9-6939-4879-aeaa-67e532dc07d9", "id" : "CVE-2022-2905", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 125 ], "description" : "An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. 
This flaw allows a local user to gain unauthorized access to data.", "published" : "2022-09-09T15:15:00Z", "updated" : "2022-11-21T19:44:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "2ae61c97-e15d-4f38-a792-e19f78a1c94f", "id" : "CVE-2022-2961", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.0, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 362 ], "description" : "A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.", "published" : "2022-08-29T15:15:00Z", "updated" : "2023-06-28T20:34:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "478b78a1-c959-4d54-b005-9026868c7a6a", "id" : "CVE-2022-3303", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 362, 476, 667 ], "description" : "A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. 
A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition.", "published" : "2022-09-27T23:15:00Z", "updated" : "2022-12-03T02:50:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9a548c03-6b52-4566-ae1a-059d1169f654", "id" : "CVE-2023-1118", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in the Linux kernel integrated infrared receiver/transceiver driver in the way a user detaches an rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.", "published" : "2023-03-02T18:15:00Z", "updated" : "2023-07-06T13:43:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "a95b307b-06da-46fb-ac75-49bb75ece6ba", "id" : "CVE-2023-1206", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 400 ], "description" : "A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. 
A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.", "published" : "2023-06-30T22:15:00Z", "updated" : "2023-09-29T22:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "68d39205-be86-4027-be6a-2482e09f55e7", "id" : "CVE-2023-3863", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.1, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue.", "published" : "2023-07-24T15:15:00Z", "updated" : "2023-09-10T12:16:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9554f5e3-fe99-41a7-b250-bf47e803bfab", "id" : "CVE-2023-39194", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.4, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 125 ], "description" : "A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. 
This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.", "published" : "2023-10-09T18:15:00Z", "updated" : "2023-10-12T13:00:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "31c0968c-254b-47cc-a497-be2b4af41065", "id" : "CVE-2023-4004", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.", "published" : "2023-07-31T17:15:00Z", "updated" : "2023-10-11T19:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "79b7e879-7b27-4621-a7c8-58f26687b051", "id" : "CVE-2023-4128", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. 
This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.", "published" : "2023-08-10T17:15:00Z", "updated" : "2023-10-11T19:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "59fd1927-d723-4d8d-990f-a1ecb9b4df4b", "id" : "CVE-2023-4147", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.", "published" : "2023-08-07T14:15:00Z", "updated" : "2023-09-12T16:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "38dfb991-fc76-440d-9afc-79f82d7cbd32", "id" : "CVE-2023-4206", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. 
We recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8.", "published" : "2023-09-06T14:15:00Z", "updated" : "2023-09-11T17:57:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "c65f1fa7-5dd3-49c7-88fa-9f005ff39bc4", "id" : "CVE-2023-4207", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. When fw_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 76e42ae831991c828cffa8c37736ebfb831ad5ec.", "published" : "2023-09-06T14:15:00Z", "updated" : "2023-09-11T18:13:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "3f2b8f4f-6147-4ecf-b754-3fe335c60304", "id" : "CVE-2023-4208", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. 
This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81.", "published" : "2023-09-06T14:15:00Z", "updated" : "2023-09-11T18:12:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "c619c40e-98a5-46ab-a45b-b52e0f0bb106", "id" : "CVE-2023-4244", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.0, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability. We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8.", "published" : "2023-09-06T14:15:00Z", "updated" : "2023-09-11T18:12:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "104e438f-ab8c-4f26-bebc-5524f296ad37", "id" : "CVE-2023-4569", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 401 ], "description" : "A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. 
This issue may allow a local attacker to cause a double-deactivations of catchall elements, which results in a memory leak.", "published" : "2023-08-28T22:15:00Z", "updated" : "2023-09-10T12:16:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ddc2f8ef-e3f0-4869-ad7d-60bbebbcf754", "id" : "CVE-2023-4611", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.3, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak.", "published" : "2023-08-29T22:15:00Z", "updated" : "2023-09-01T18:36:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "b07db4fa-daba-423d-a205-7aeae95151cb", "id" : "CVE-2023-1249", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. 
The kernel could be affected only if patch 390031c94211 (\"coredump: Use the vma snapshot in fill_files_note\") has not been applied yet.", "published" : "2023-03-23T21:15:00Z", "updated" : "2023-04-18T20:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "6d9def1d-ba55-411b-a683-a1f102cb47b7", "id" : "CVE-2023-3159", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.", "published" : "2023-06-12T21:15:00Z", "updated" : "2023-06-20T20:29:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "96e2f246-c455-40db-9f07-66b956d6d5e7", "id" : "CVE-2023-3439", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. 
However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service.", "published" : "2023-06-28T21:15:00Z", "updated" : "2023-07-06T21:39:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "aba581f3-cb59-48b4-ba79-804f8038cdd4", "id" : "CVE-2023-4387", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.1, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem.", "published" : "2023-08-16T19:15:00Z", "updated" : "2023-09-18T13:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "1322b0bd-58c8-4671-9167-170bfd76277b", "id" : "CVE-2023-4459", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. 
This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.", "published" : "2023-08-21T19:15:00Z", "updated" : "2023-08-24T21:40:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "329edb66-bb95-4dae-aa05-c5dd4c920eb9", "id" : "CVE-2022-0168", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.4, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.", "published" : "2022-08-26T18:15:00Z", "updated" : "2023-02-12T22:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "73032d26-4ed0-4d98-b17d-8873a273702d", "id" : "CVE-2022-0171", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 212 ], "description" : "A flaw was found in the Linux kernel. 
The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).", "published" : "2022-08-26T18:15:00Z", "updated" : "2023-07-21T16:54:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "052e9be0-d0e3-4c1f-9cad-896356e70609", "id" : "CVE-2022-1012", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 8.2, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "cwes" : [ 401 ], "description" : "A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.", "published" : "2022-08-05T16:15:00Z", "updated" : "2022-10-28T20:06:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "e6483e20-e33a-4244-8286-b4eb4ee8ffbc", "id" : "CVE-2022-1263", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. 
This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.", "published" : "2022-08-31T16:15:00Z", "updated" : "2022-09-07T13:11:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "538d3f81-43ff-4a9d-9906-44212c23cb73", "id" : "CVE-2022-1734", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.4, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:M/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.0, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.", "published" : "2022-05-18T17:15:00Z", "updated" : "2022-10-14T12:42:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "5f9c27e1-8df4-435e-b44d-ceb48ccf274b", "id" : "CVE-2022-2153", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. 
This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.", "published" : "2022-08-31T16:15:00Z", "updated" : "2022-11-21T19:45:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "88feceee-ed27-4f75-aeee-0e5756ecfb90", "id" : "CVE-2022-2380", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 787 ], "description" : "The Linux kernel was found vulnerable out of bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. The vulnerability could result in local attackers being able to crash the kernel.", "published" : "2022-07-13T19:15:00Z", "updated" : "2022-07-20T15:02:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "71fa590e-0205-4375-a89d-f8795ace92a7", "id" : "CVE-2022-3078", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "An issue was discovered in the Linux kernel through 5.16-rc6. 
There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c.", "published" : "2022-09-01T21:15:00Z", "updated" : "2022-09-07T15:22:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "cfd4ced0-1f39-4caa-a561-debe062b324f", "id" : "CVE-2023-1281", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.", "published" : "2023-03-22T14:15:00Z", "updated" : "2023-06-26T16:57:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "90226fcb-e430-4cee-97d1-94355f7d2eaa", "id" : "CVE-2023-1380", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.1, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. 
This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.", "published" : "2023-03-27T21:15:00Z", "updated" : "2023-08-19T18:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "c85fd686-f403-426d-8c3d-ada2b5499d86", "id" : "CVE-2023-1611", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.3, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel. This flaw allows an attacker to crash the system and possibly cause a kernel information leak.", "published" : "2023-04-03T22:15:00Z", "updated" : "2023-08-02T17:06:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "bed49eba-ab49-43e1-a55a-60f023f4d688", "id" : "CVE-2023-1652", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.1, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. 
This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem.", "published" : "2023-03-29T21:15:00Z", "updated" : "2023-07-06T16:39:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "51120e47-8c03-44cf-8131-a37cc26bae3a", "id" : "CVE-2023-1670", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.", "published" : "2023-03-30T23:15:00Z", "updated" : "2023-07-06T16:43:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "e5935f5a-a94c-4f86-994e-b00f03864971", "id" : "CVE-2023-1989", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.0, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in btsdio_remove in drivers\\bluetooth\\btsdio.c in the Linux Kernel. 
In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices.", "published" : "2023-04-11T21:15:00Z", "updated" : "2023-09-10T12:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "c6a1680c-2bf4-41f3-9fea-70b223fe06fa", "id" : "CVE-2023-28466", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.0, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 476 ], "description" : "do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).", "published" : "2023-03-16T00:15:00Z", "updated" : "2023-08-18T18:57:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ddb44710-457b-40c8-bead-75220549b735", "id" : "CVE-2023-1829", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. 
We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.", "published" : "2023-04-12T12:15:00Z", "updated" : "2023-10-05T14:52:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8e38b9f1-aaf7-4ae8-86ab-8d35e1a4f98b", "id" : "CVE-2023-1838", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.1, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.", "published" : "2023-04-05T19:15:00Z", "updated" : "2023-05-17T20:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "50d1c59b-745a-42ad-bc2b-31e1650fd88c", "id" : "CVE-2023-1859", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. 
This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak.", "published" : "2023-05-17T23:15:00Z", "updated" : "2023-05-25T17:13:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "84e1b703-c5d7-4e21-a823-347f8fc53bb1", "id" : "CVE-2023-1872", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.0, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation. The io_file_get_fixed function lacks the presence of ctx->uring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered. We recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8.", "published" : "2023-04-12T16:15:00Z", "updated" : "2023-06-22T15:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8c29109f-43e9-4a4e-9417-ed6113091a8b", "id" : "CVE-2023-22995", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "description" : "In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.", "published" : "2023-02-28T05:15:00Z", "updated" : "2023-03-31T11:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "6d0c8a11-9714-41d0-a7a1-da2aabd4161a", "id" : "CVE-2023-23000", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : 
[ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.", "published" : "2023-03-01T19:15:00Z", "updated" : "2023-03-31T11:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9f8fa566-5d3a-40b4-bdd3-edbb755e6eb3", "id" : "CVE-2022-0330", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.6, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 281 ], "description" : "A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. 
This flaw allows a local user to crash the system or escalate their privileges on the system.", "published" : "2022-03-25T19:15:00Z", "updated" : "2022-12-07T17:08:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9691d184-c2b0-4791-84f5-c65f00273053", "id" : "CVE-2022-0494", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.9, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:C/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.4, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 908 ], "description" : "A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality.", "published" : "2022-03-25T19:15:00Z", "updated" : "2023-07-21T17:07:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "6973fed5-489d-4e87-b70f-cec1e61de21d", "id" : "CVE-2022-0516", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.6, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "description" : "A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. 
This flaw affects Linux kernel versions prior to 5.17-rc4.", "published" : "2022-03-10T17:44:00Z", "updated" : "2022-10-04T21:16:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "cef9bad6-2ea2-4ea8-9057-ef35000f0e5b", "id" : "CVE-2022-1011", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.6, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.", "published" : "2022-03-18T18:15:00Z", "updated" : "2022-10-12T13:27:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ca6ab4e0-e800-4c95-ad74-6a610f05dc13", "id" : "CVE-2022-1198", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability was discovered in drivers/net/hamradio/6pack.c of Linux that allows an attacker to crash the Linux kernel by simulating an ax25 device using the 6pack driver from user space.", "published" : "2022-08-29T15:15:00Z", "updated" : "2022-09-06T18:23:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "2b45308e-bdf2-491d-a9ab-24160f0eb19f", "id" : "CVE-2022-1204", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, 
"ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.", "published" : "2022-08-29T15:15:00Z", "updated" : "2022-09-02T19:41:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "cada3b7f-5bfa-4462-9324-4f6d8c49a871", "id" : "CVE-2022-1353", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 3.6, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.1, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "description" : "A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. 
This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.", "published" : "2022-04-29T16:15:00Z", "updated" : "2022-12-14T17:34:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "cad219be-4a91-4566-80eb-66302f612650", "id" : "CVE-2022-27666", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.6, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 787 ], "description" : "A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.", "published" : "2022-03-23T06:15:00Z", "updated" : "2023-02-01T14:32:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f582cfb5-be26-43fa-9347-5d2629acdedb", "id" : "CVE-2023-2008", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 129 ], "description" : "A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. 
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.", "published" : "2023-04-14T21:15:00Z", "updated" : "2023-07-06T16:43:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "6c92ed68-7ae8-45f1-baba-99cf571b761f", "id" : "CVE-2023-2177", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. If stream_in allocation is failed, stream_out is freed which would further be accessed. A local user could use this flaw to crash the system or potentially cause a denial of service.", "published" : "2023-04-20T21:15:00Z", "updated" : "2023-04-28T03:48:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "bf65156c-55ef-4201-89d0-93efacc27dba", "id" : "CVE-2023-23004", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).", "published" : "2023-03-01T20:15:00Z", "updated" : "2023-05-03T01:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "4d555453-b7d0-4bc4-a86d-2c5884eff1de", "id" : "CVE-2022-1852", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : 
"NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.", "published" : "2022-06-30T13:15:00Z", "updated" : "2022-10-26T17:08:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "5b037ae3-75d0-4562-b741-5dc2b70c3e9b", "id" : "CVE-2022-2078", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 121 ], "description" : "A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse(), causing a denial of service and possibly to run code.", "published" : "2022-06-30T13:15:00Z", "updated" : "2022-10-26T17:06:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "c96a9511-9828-4ecd-b270-29f8241b9f22", "id" : "CVE-2022-2318", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.9, "severity" : "medium", "method" : "CVSSv2", "vector" : 
"(AV:L/AC:L/Au:N/C:N/I:N/A:C)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.", "published" : "2022-07-06T19:15:00Z", "updated" : "2023-02-28T15:42:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "5e029d85-f38c-4372-8360-4ac6654902f3", "id" : "CVE-2022-2503", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 287 ], "description" : "Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. 
We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5", "published" : "2022-08-12T11:15:00Z", "updated" : "2023-02-14T13:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "308ff83b-95b7-4995-9867-3dcb64f1fe40", "id" : "CVE-2022-2873", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 131 ], "description" : "An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.", "published" : "2022-08-22T15:15:00Z", "updated" : "2023-05-03T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "1b86ea1b-7257-4a64-95aa-b367b0d0928e", "id" : "CVE-2022-3077", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 120 ], "description" : "A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. 
This flaw could allow a local user to crash the system.", "published" : "2022-09-09T15:15:00Z", "updated" : "2022-09-15T15:35:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "3ea1caee-839c-49c5-8b2b-b1c87d44fea0", "id" : "CVE-2023-2124", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 787 ], "description" : "An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). 
This flaw allows a local user to crash or potentially escalate their privileges on the system.", "published" : "2023-05-15T22:15:00Z", "updated" : "2023-08-19T18:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "cc6f2444-95c8-40ed-8092-d349364e1f9a", "id" : "CVE-2023-2163", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 8.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "cwes" : [ 682 ], "description" : "Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.", "published" : "2023-09-20T06:15:00Z", "updated" : "2023-09-22T02:02:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "19b96d8e-130d-47a7-84e6-ca5c22b7980e", "id" : "CVE-2023-2235", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability. 
We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.", "published" : "2023-05-01T13:15:00Z", "updated" : "2023-08-25T15:24:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "5ce21c56-9653-4cc5-9427-5bcaa5764d32", "id" : "CVE-2023-22996", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 772 ], "description" : "In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g., with put_device.", "published" : "2023-02-28T21:15:00Z", "updated" : "2023-03-06T16:27:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ad2d6ada-e4a0-490a-ac13-2a8c0e6a43a4", "id" : "CVE-2023-22997", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).", "published" : "2023-02-28T21:15:00Z", "updated" : "2023-03-06T16:27:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "c65b4ec0-446b-420f-851a-ad93f81d071d", "id" : "CVE-2023-22998", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 436 ], "description" 
: "In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).", "published" : "2023-02-28T21:15:00Z", "updated" : "2023-05-03T01:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "fb4efae9-990b-4fc4-844a-13b591a2767e", "id" : "CVE-2023-22999", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer).", "published" : "2023-02-28T21:15:00Z", "updated" : "2023-03-06T16:39:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "bbd77b1f-a223-4a96-872c-c6c1b35c5aeb", "id" : "CVE-2023-23001", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case, whereas it is actually an error pointer).", "published" : "2023-03-01T20:15:00Z", "updated" : "2023-03-13T14:28:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "edfe171a-8676-4bb9-a19e-cbeb9849d877", "id" : "CVE-2023-23002", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { 
"name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error pointer).", "published" : "2023-03-01T20:15:00Z", "updated" : "2023-03-13T15:02:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "25b9fcbe-315c-4a71-a559-5c16ddface85", "id" : "CVE-2022-26878", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 401 ], "description" : "drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed).", "published" : "2022-03-11T07:15:00Z", "updated" : "2023-08-08T14:22:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f80fe7ac-ef37-4610-8c6b-3fb6437e8efa", "id" : "CVE-2023-23003", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H" } ], "cwes" : [ 252 ], "description" : "In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value.", "published" : "2023-03-01T20:15:00Z", "updated" : "2023-08-29T17:56:00Z", "affects" : [ { "ref" : 
"36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "a2d5a5d7-5278-4a89-8437-a990a6208175", "id" : "CVE-2022-0264", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 755 ], "description" : "A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaws affects kernel versions < v5.16-rc6", "published" : "2022-02-04T23:15:00Z", "updated" : "2022-11-16T13:46:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9cce17e5-a40f-47bc-88e7-5017a9a7e6c0", "id" : "CVE-2022-1195", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. 
This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early.", "published" : "2022-04-29T16:15:00Z", "updated" : "2022-12-14T17:23:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "d818108f-7df4-4834-b0c8-ba0b626bfd67", "id" : "CVE-2023-23039", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" } ], "cwes" : [ 362 ], "description" : "An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove().", "published" : "2023-02-22T17:15:00Z", "updated" : "2023-03-06T17:05:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "acb21aaa-7f31-4aa3-a741-d03dd9d97756", "id" : "CVE-2023-3567", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.1, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. 
This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.", "published" : "2023-07-24T16:15:00Z", "updated" : "2023-10-11T19:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8042a8cf-52a1-48a8-b604-dde8e96e5231", "id" : "CVE-2023-23454", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 843 ], "description" : "cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).", "published" : "2023-01-12T07:15:00Z", "updated" : "2023-05-03T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "e8f4eef3-a336-4dac-acb6-51eafa82a268", "id" : "CVE-2023-23455", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 843 ], "description" : "atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).", "published" : "2023-01-12T07:15:00Z", "updated" : "2023-05-03T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "b41d182b-6ad6-4d4b-b8bc-52b9fa88516b", "id" : "CVE-2023-25012", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, 
"ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.6, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.", "published" : "2023-02-02T00:15:00Z", "updated" : "2023-05-03T01:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "c3715e1a-e6bb-47ce-82d9-afca6376eafa", "id" : "CVE-2023-2513", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. 
This flaw could allow a privileged local user to cause a system crash or other undefined behaviors.", "published" : "2023-05-08T21:15:00Z", "updated" : "2023-05-15T17:56:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "0e80f349-c3ec-4056-94d6-23b268e6f7db", "id" : "CVE-2023-26242", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 190 ], "description" : "afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.", "published" : "2023-02-21T01:15:00Z", "updated" : "2023-04-06T13:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "5c0168af-36af-4cbd-9788-b8f353c087a7", "id" : "CVE-2023-26545", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 415 ], "description" : "In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.", "published" : "2023-02-25T04:15:00Z", "updated" : "2023-05-03T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f091a5e5-3853-4cae-8cf3-e7df24e4f547", "id" : "CVE-2023-2860", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.4, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 125 ], "description" : "An 
out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This flaw allows a privileged local user to disclose sensitive information on affected installations of the Linux kernel.", "published" : "2023-07-24T16:15:00Z", "updated" : "2023-08-03T18:39:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "717cbe67-9240-43fd-98dd-9662b6f6f331", "id" : "CVE-2023-28866", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.3, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "cwes" : [ 125 ], "description" : "In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.", "published" : "2023-03-27T01:15:00Z", "updated" : "2023-04-03T13:59:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ec2d832f-cbd9-4792-b990-cbfedb870497", "id" : "CVE-2023-30456", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "description" : "An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. 
nVMX on x86_64 lacks consistency checks for CR0 and CR4.", "published" : "2023-04-10T02:15:00Z", "updated" : "2023-07-26T17:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "80b3385a-1003-4cae-b45e-9ac8dd493037", "id" : "CVE-2023-30772", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.4, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.", "published" : "2023-04-16T04:15:00Z", "updated" : "2023-05-03T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8e4cf317-6c9b-4cba-b6b6-245e976febb1", "id" : "CVE-2023-33203", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.4, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 362 ], "description" : "The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.", "published" : "2023-05-18T08:15:00Z", "updated" : "2023-05-26T16:52:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9e55e56d-cb36-447e-958f-472ac0212a47", "id" : "CVE-2023-33288", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : 
"An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race condition.", "published" : "2023-05-22T03:15:00Z", "updated" : "2023-05-26T01:12:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "879f93ac-2d32-4136-a20f-41fd5aa15b17", "id" : "CVE-2023-3090", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 787 ], "description" : "A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.", "published" : "2023-06-28T20:15:00Z", "updated" : "2023-10-11T19:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "43440026-affe-4adb-815a-134a18521e78", "id" : "CVE-2023-3141", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.1, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. 
This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.", "published" : "2023-06-09T20:15:00Z", "updated" : "2023-09-28T19:03:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "6b1bf90c-e757-4a6b-b2b8-b209ed11783e", "id" : "CVE-2023-31436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 787 ], "description" : "qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.", "published" : "2023-04-28T02:15:00Z", "updated" : "2023-08-18T18:39:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "d4a17365-7c2d-478b-bdce-c39e7e2c33df", "id" : "CVE-2023-32233", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. 
This occurs because anonymous sets are mishandled.", "published" : "2023-05-08T20:15:00Z", "updated" : "2023-09-28T19:07:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ecafe90c-9e49-406e-bb6a-79a4c4bbd63d", "id" : "CVE-2023-32247", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 401 ], "description" : "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.", "published" : "2023-07-24T16:15:00Z", "updated" : "2023-09-15T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "da3bb7d1-c650-4246-b109-0d653e4f5406", "id" : "CVE-2023-32248", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. 
An attacker can leverage this vulnerability to create a denial-of-service condition on the system.", "published" : "2023-07-24T16:15:00Z", "updated" : "2023-09-15T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "2e6adb66-a04b-4c17-8bf5-3a959475b6c5", "id" : "CVE-2023-32252", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.", "published" : "2023-07-24T16:15:00Z", "updated" : "2023-08-02T15:08:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "1943a0bd-dec0-40c5-89cd-b51583923dc4", "id" : "CVE-2023-32257", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 8.1, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 667 ], "description" : "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. 
An attacker can leverage this vulnerability to execute code in the context of the kernel.", "published" : "2023-07-24T16:15:00Z", "updated" : "2023-09-15T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8d47a14c-3ee5-4be3-977f-2890f2a93ccd", "id" : "CVE-2023-32258", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 8.1, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 667 ], "description" : "A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.", "published" : "2023-07-24T16:15:00Z", "updated" : "2023-09-15T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "aaf76d8a-5e0a-4b56-891d-a4c8a61ec8c5", "id" : "CVE-2023-33951", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.3, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N" } ], "cwes" : [ 362, 667 ], "description" : "A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. 
This flaw allows a local privileged user to disclose information in the context of the kernel.", "published" : "2023-07-24T16:15:00Z", "updated" : "2023-08-02T15:12:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "d2b89432-0a63-437f-91c3-5d71f357ed0f", "id" : "CVE-2023-33952", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 415 ], "description" : "A double-free vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of vmw_buffer_object objects. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. This flaw allows a local privileged user to escalate privileges and execute code in the context of the kernel.", "published" : "2023-07-24T16:15:00Z", "updated" : "2023-08-02T13:51:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "4860f0c1-fe84-4491-b06f-072b7a143fa9", "id" : "CVE-2023-32269", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. 
However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.", "published" : "2023-05-05T17:15:00Z", "updated" : "2023-05-11T23:04:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "5da6d39f-a227-483f-81ce-69ec3bf14d70", "id" : "CVE-2023-3357", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system.", "published" : "2023-06-28T22:15:00Z", "updated" : "2023-07-06T17:45:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ed547e07-0ffb-4449-ac69-813be11fcc47", "id" : "CVE-2023-3812", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 787 ], "description" : "An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. 
This flaw allows a local user to crash or potentially escalate their privileges on the system.", "published" : "2023-07-24T16:15:00Z", "updated" : "2023-08-02T15:09:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "d2799aee-e339-453b-b558-0f9f72fb6691", "id" : "CVE-2023-3389", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).", "published" : "2023-06-28T20:15:00Z", "updated" : "2023-09-11T19:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "0d6cf4ec-6159-4056-8eb5-2c8c186483e5", "id" : "CVE-2023-3390", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. 
We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", "published" : "2023-06-28T21:15:00Z", "updated" : "2023-09-11T19:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "03c0d76a-35d2-4fad-aecf-016640c0e0f7", "id" : "CVE-2023-34256", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "** DISPUTED ** An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. NOTE: this is disputed by third parties because the kernel is not intended to defend against attackers with the stated \"When modifying the block device while it is mounted by the filesystem\" access.", "published" : "2023-05-31T20:15:00Z", "updated" : "2023-07-27T21:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "55a5fc9c-3e00-4df7-994c-4c366fbf958a", "id" : "CVE-2023-35788", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 787 ], "description" : "An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. 
This may result in denial of service or privilege escalation.", "published" : "2023-06-16T21:15:00Z", "updated" : "2023-09-11T19:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "359c4c9a-4fbe-4c29-ba26-708b5207d55d", "id" : "CVE-2023-35823", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.0, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 362, 416 ], "description" : "An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.", "published" : "2023-06-18T22:15:00Z", "updated" : "2023-08-03T15:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f23149fe-7edd-4af0-a4d7-31a8861c5de4", "id" : "CVE-2023-35824", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.0, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 362, 416 ], "description" : "An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.", "published" : "2023-06-18T22:15:00Z", "updated" : "2023-08-03T15:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "cee380dd-45e5-4d83-bffe-268ecc91139c", "id" : "CVE-2023-35826", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.0, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 362, 416 ], "description" : "An issue was discovered in the Linux kernel before 6.3.2. 
A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.", "published" : "2023-06-18T22:15:00Z", "updated" : "2023-08-03T15:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "7aaf5093-4ae4-4167-9561-0c5547c52a54", "id" : "CVE-2023-35828", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.0, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 362, 416 ], "description" : "An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.", "published" : "2023-06-18T22:15:00Z", "updated" : "2023-08-03T15:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "5c414035-50b5-481d-8595-38bb5a670c8a", "id" : "CVE-2023-35829", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.0, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 362, 416 ], "description" : "An issue was discovered in the Linux kernel before 6.3.2. 
A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.", "published" : "2023-06-18T22:15:00Z", "updated" : "2023-08-03T15:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "7ff3f70c-e6a7-4094-96a1-f17c56650e64", "id" : "CVE-2023-35827", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.0, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 362, 416 ], "description" : "An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.", "published" : "2023-06-18T22:15:00Z", "updated" : "2023-08-03T15:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "a47e3107-4d2f-4ab3-8f30-65d77f68998d", "id" : "CVE-2023-38427", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 125, 191 ], "description" : "An issue was discovered in the Linux kernel before 6.3.8. 
fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts.", "published" : "2023-07-18T00:15:00Z", "updated" : "2023-08-24T19:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "c41df00d-f7bc-4dc2-9fd3-ff6660357fb9", "id" : "CVE-2023-38431", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.1, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.", "published" : "2023-07-18T00:15:00Z", "updated" : "2023-08-24T19:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "73205572-1369-48ac-b25b-fe4e43d2b777", "id" : "CVE-2023-3609", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. 
We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.", "published" : "2023-07-21T21:15:00Z", "updated" : "2023-10-11T19:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "bb4aead2-9e0d-4ac0-8f59-537648e5bbd2", "id" : "CVE-2023-3610", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.", "published" : "2023-07-21T21:15:00Z", "updated" : "2023-08-18T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "0f117ce6-72a4-46c5-b8ec-af15a9c6904b", "id" : "CVE-2023-3611", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 787 ], "description" : "An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. 
We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.", "published" : "2023-07-21T21:15:00Z", "updated" : "2023-09-10T12:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "106c1a66-03ad-4472-ae85-14fa1f9391a2", "id" : "CVE-2023-37453", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.6, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.", "published" : "2023-07-06T17:15:00Z", "updated" : "2023-07-12T15:19:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "60a821fe-fb9d-4df3-be36-8e66c611b1b1", "id" : "CVE-2023-37454", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. 
NOTE: the suse.com reference has a different perspective about this.", "published" : "2023-07-06T17:15:00Z", "updated" : "2023-09-07T16:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "6c83c861-eb35-4804-aed6-4e4440b7aaf0", "id" : "CVE-2023-3776", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.", "published" : "2023-07-21T21:15:00Z", "updated" : "2023-10-11T19:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ca136494-d64e-4c25-ad10-3f96488b6eb7", "id" : "CVE-2023-38409", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "description" : "An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. 
Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info).", "published" : "2023-07-17T22:15:00Z", "updated" : "2023-07-27T03:49:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "b06440dd-0364-4eff-a230-94a42b794234", "id" : "CVE-2023-38426", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.1, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length.", "published" : "2023-07-18T00:15:00Z", "updated" : "2023-09-15T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "57eea6cd-2374-4dc8-a70a-e8a5f590d004", "id" : "CVE-2023-38428", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.1, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "An issue was discovered in the Linux kernel before 6.3.4. 
fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.", "published" : "2023-07-18T00:15:00Z", "updated" : "2023-08-31T19:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ea8da10c-c212-4f1d-bb5d-4224ee5988f3", "id" : "CVE-2023-38429", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 193 ], "description" : "An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.", "published" : "2023-07-18T00:15:00Z", "updated" : "2023-07-27T16:11:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "e7706d44-39e8-43ad-8fbe-06966d5cef3f", "id" : "CVE-2023-38430", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.1, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "An issue was discovered in the Linux kernel before 6.3.9. 
ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.", "published" : "2023-07-18T00:15:00Z", "updated" : "2023-08-31T19:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "e5f617c1-79e7-4080-a99b-9bed196acaf7", "id" : "CVE-2023-38432", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.1, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read.", "published" : "2023-07-18T00:15:00Z", "updated" : "2023-08-31T19:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "1f3656b8-dd2a-4fd5-9de0-8ed00ef994ed", "id" : "CVE-2023-39189", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.0, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. 
This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.", "published" : "2023-10-09T18:15:00Z", "updated" : "2023-10-11T19:47:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "c631790a-16d5-4e82-adb9-767a96094189", "id" : "CVE-2023-39192", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.0, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.", "published" : "2023-10-09T18:15:00Z", "updated" : "2023-10-11T20:48:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "af9709f7-bb90-4d6a-8c4e-934bb00bfc19", "id" : "CVE-2023-39193", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.0, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. 
This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.", "published" : "2023-10-09T18:15:00Z", "updated" : "2023-10-11T20:46:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "c8b853a3-d62f-4801-83d5-1ece17f882f2", "id" : "CVE-2023-42754", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.", "published" : "2023-10-05T19:15:00Z", "updated" : "2023-10-11T17:42:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "06d4147b-6544-4ddf-95d2-9a36267e466a", "id" : "CVE-2023-42756", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 362 ], "description" : "A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. 
This issue may allow a local user to crash the system.", "published" : "2023-09-28T14:15:00Z", "updated" : "2023-10-10T03:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "6aee7796-fdc3-4156-8ebf-03f91115bdb1", "id" : "CVE-2023-5345", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.", "published" : "2023-10-03T03:15:00Z", "updated" : "2023-10-10T03:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "307ef0fd-57b1-478b-9eb8-8eaa51c88404", "id" : "CVE-2023-4015", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() can lead to unbinding the chain and to objects being deactivated but later used. 
We recommend upgrading past commit 0a771f7b266b02d262900c75f1e175c7fe76fec2.", "published" : "2023-09-06T14:15:00Z", "updated" : "2023-09-11T17:59:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "3e4d8fc9-8a4b-4440-bcc6-cd5383a44464", "id" : "CVE-2023-42753", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 787 ], "description" : "An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.", "published" : "2023-09-25T21:15:00Z", "updated" : "2023-09-27T15:19:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "0c309e58-d50d-4a55-a355-d2a512bd0452", "id" : "CVE-2023-40283", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. 
There is a use-after-free because the children of an sk are mishandled.", "published" : "2023-08-14T03:15:00Z", "updated" : "2023-10-11T19:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "d6249011-966c-4cba-a7bf-a153c9832f99", "id" : "CVE-2023-4132", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.", "published" : "2023-08-03T15:15:00Z", "updated" : "2023-09-10T12:16:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "7e40689a-0efa-4050-a958-7d5db05053e8", "id" : "CVE-2023-4194", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "cwes" : [ 863 ], "description" : "A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. 
The problem is that the following upstream commits - a096ccca6e50 (\"tun: tun_chr_open(): correctly initialize socket uid\"), - 66b2c338adce (\"tap: tap_open(): correctly initialize socket uid\"), pass \"inode->i_uid\" to sock_init_data_uid() as the last parameter and that turns out to not be accurate.", "published" : "2023-08-07T14:15:00Z", "updated" : "2023-09-10T12:16:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "7497b4c3-d6a2-49f7-8781-c9fe81f602a5", "id" : "CVE-2023-4385", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check.", "published" : "2023-08-16T17:15:00Z", "updated" : "2023-08-22T22:45:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "874e47a8-5947-4ce6-a1c6-e299d7bd5dc5", "id" : "CVE-2023-4389", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.1, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. 
This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information.", "published" : "2023-08-16T19:15:00Z", "updated" : "2023-08-22T22:51:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "dd8d60da-9878-4bc5-bdd4-cec91b1d8e60", "id" : "CVE-2023-44466", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 8.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 120 ], "description" : "An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.", "published" : "2023-09-29T06:15:00Z", "updated" : "2023-10-02T20:01:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "7f1f9336-a8c3-4391-b183-ca8ab7508f52", "id" : "CVE-2023-4622", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.0, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. 
We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c.", "published" : "2023-09-06T14:15:00Z", "updated" : "2023-09-11T18:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "86d7447e-4521-47d0-8e2b-60212d958242", "id" : "CVE-2023-4921", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.", "published" : "2023-09-12T20:15:00Z", "updated" : "2023-09-14T19:38:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "2e9b0772-47e2-4c89-a8c6-c27f668993e6", "id" : "CVE-2023-5197", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.6, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within the same transaction leads to use-after-free. 
We recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325.", "published" : "2023-09-27T15:19:00Z", "updated" : "2023-10-11T16:23:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "a847819a-c7c5-449d-b2c3-c5ba11d8ab9f", "id" : "CVE-2022-0382", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 909 ], "description" : "An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user cannot control what is read. 
This flaw affects the Linux kernel versions prior to 5.17-rc1.", "published" : "2022-02-11T18:15:00Z", "updated" : "2022-12-02T19:39:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f96aadb7-81ba-4c29-bd3b-0b206bb1f850", "id" : "CVE-2022-25265", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.4, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:M/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 913 ], "description" : "In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.", "published" : "2022-02-16T21:15:00Z", "updated" : "2022-05-11T14:08:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "5dff99c4-ebdd-416b-94bb-a2a905cb7d48", "id" : "CVE-2022-0433", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.9, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:N/I:N/A:C)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. 
This flaw affects Linux kernel versions prior to 5.17-rc1.", "published" : "2022-03-10T17:44:00Z", "updated" : "2022-03-16T15:06:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9d9deb12-9ab3-4440-ad1e-71cc62018347", "id" : "CVE-2022-0854", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 401 ], "description" : "A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space.", "published" : "2022-03-23T20:15:00Z", "updated" : "2022-10-14T12:53:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "a2480104-9f6e-4d49-bfe2-d72209aa3431", "id" : "CVE-2022-0617", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.9, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:N/I:N/A:C)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. 
Applies to Linux kernel versions from 4.2-rc1 to 5.17-rc2.", "published" : "2022-02-16T17:15:00Z", "updated" : "2022-05-11T14:30:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f42a06c9-21ce-46d9-871c-6900baac0325", "id" : "CVE-2022-1015", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.6, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.6, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "cwes" : [ 787 ], "description" : "A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.", "published" : "2022-04-29T16:15:00Z", "updated" : "2023-02-23T10:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "eb000a0e-1dcb-46c1-8756-f217fd456fc8", "id" : "CVE-2022-1016", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 909 ], "description" : "A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. 
This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.", "published" : "2022-08-29T15:15:00Z", "updated" : "2023-06-27T15:47:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "167b3874-5d27-4699-8faf-c0d238f62235", "id" : "CVE-2022-1055", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.6, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5", "published" : "2022-03-29T15:15:00Z", "updated" : "2022-10-19T17:40:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "78b1d01b-d2be-468e-8467-c1af4d99705e", "id" : "CVE-2022-1199", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476, 416 ], "description" : "A flaw was found in the Linux kernel. 
This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.", "published" : "2022-08-29T15:15:00Z", "updated" : "2023-02-02T17:12:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "7ab3ff52-d89a-4006-8adf-1416e4f2e457", "id" : "CVE-2022-1205", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.", "published" : "2022-08-31T16:15:00Z", "updated" : "2022-09-06T19:33:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f55c145f-68e2-4a2e-a36b-a3fbb6cdb793", "id" : "CVE-2022-2196", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 8.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "cwes" : [ 1188 ], "description" : "A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. 
We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a", "published" : "2023-01-09T11:15:00Z", "updated" : "2023-08-18T18:56:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "7b3d54db-0826-44b9-9d27-e41d646aa7e9", "id" : "CVE-2022-24448", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 1.9, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:M/Au:N/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 3.3, "severity" : "low", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "cwes" : [ 755, 908 ], "description" : "An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. 
If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor.", "published" : "2022-02-04T20:15:00Z", "updated" : "2023-08-08T14:22:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "6989f61b-372f-4454-ae58-6f2396efe5e2", "id" : "CVE-2022-24959", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 401 ], "description" : "An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.", "published" : "2022-02-11T06:15:00Z", "updated" : "2022-05-11T14:44:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "4c34cb69-7194-4255-bf9a-7e4fbf936bc9", "id" : "CVE-2022-24958", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.6, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 763 ], "description" : "drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.", "published" : "2022-02-11T06:15:00Z", "updated" : "2023-02-01T15:50:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "5adbc3f6-2b3c-46da-9dad-d78ef18cfead", "id" : "CVE-2022-25258", "source" : { "name" : "NVD", 
"url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.9, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:N/I:N/A:C)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.6, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.", "published" : "2022-02-16T20:15:00Z", "updated" : "2022-12-07T02:12:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "6d2d42de-6fa9-48bc-b161-81049d360a51", "id" : "CVE-2022-25375", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 1284 ], "description" : "An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. 
Attackers can obtain sensitive information from kernel memory.", "published" : "2022-02-20T20:15:00Z", "updated" : "2023-08-08T14:22:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "bc4140d7-7860-4bbc-95ba-755d08a59d13", "id" : "CVE-2022-26490", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.6, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 120 ], "description" : "st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.", "published" : "2022-03-06T04:15:00Z", "updated" : "2023-01-20T02:27:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "1b71c9d5-260f-40be-92b7-68c43559fe96", "id" : "CVE-2022-26966", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "description" : "An issue was discovered in the Linux kernel before 5.16.12. 
drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.", "published" : "2022-03-12T22:15:00Z", "updated" : "2022-12-22T20:35:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "89ed42db-cf71-4f20-baad-e1405b7d046c", "id" : "CVE-2022-27223", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 8.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 129 ], "description" : "In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.", "published" : "2022-03-16T00:15:00Z", "updated" : "2023-01-19T03:24:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f8fa5e1a-f2c9-43a3-984e-e5f434c840f5", "id" : "CVE-2022-2785", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 125 ], "description" : "There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. 
We recommend upgrading past commit 86f44fcec22c", "published" : "2022-09-23T11:15:00Z", "updated" : "2022-09-26T17:26:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "33d8e9ee-0dad-4c95-843c-8b3ed0649416", "id" : "CVE-2022-27950", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 401 ], "description" : "In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.", "published" : "2022-03-28T04:15:00Z", "updated" : "2022-04-05T13:08:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ab3306f9-dd1b-4a17-803e-6c06fd8646cb", "id" : "CVE-2022-28356", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "description" : "In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.", "published" : "2022-04-02T21:15:00Z", "updated" : "2023-02-03T23:59:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "5b21845b-c323-47ac-8d74-9e8f61f4b6fa", "id" : "CVE-2022-28388", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, 
"score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 415 ], "description" : "usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.", "published" : "2022-04-03T21:15:00Z", "updated" : "2023-01-03T15:11:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "0e2d70e9-576a-47e7-a935-657a92f0f0d8", "id" : "CVE-2022-28389", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 415 ], "description" : "mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.", "published" : "2022-04-03T21:15:00Z", "updated" : "2023-01-03T15:27:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "137f038b-3f1a-4e07-b9b8-1b3e3253329d", "id" : "CVE-2022-28390", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.6, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 415 ], "description" : "ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel 
through 5.17.1 has a double free.", "published" : "2022-04-03T21:15:00Z", "updated" : "2023-02-01T15:11:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ddecc3af-b227-48f2-9f64-77f21d22d9df", "id" : "CVE-2022-29582", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.9, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:M/Au:N/C:C/I:C/A:C)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.0, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 362 ], "description" : "In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.", "published" : "2022-04-22T16:15:00Z", "updated" : "2023-08-08T14:21:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "d7195fa7-e724-4e3b-83bf-275bb1cbe8b0", "id" : "CVE-2022-29968", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.6, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 909 ], "description" : "An issue was discovered in the Linux kernel through 5.17.5. 
io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.", "published" : "2022-05-02T04:15:00Z", "updated" : "2023-02-10T02:16:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9daf07f7-6c1c-43e2-aed1-3561cf204333", "id" : "CVE-2022-3104", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.", "published" : "2022-12-14T21:15:00Z", "updated" : "2022-12-16T21:32:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "2837ad4c-3dfc-434a-b200-3ed9421c8a20", "id" : "CVE-2022-3105", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "An issue was discovered in the Linux kernel through 5.16-rc6. 
uapi_finalize in drivers/infiniband/core/uverbs_uapi.c lacks check of kmalloc_array().", "published" : "2022-12-14T21:15:00Z", "updated" : "2022-12-16T21:33:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "cc25ccef-2739-4a0a-a4ab-fc165d6cd532", "id" : "CVE-2022-3106", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().", "published" : "2022-12-14T21:15:00Z", "updated" : "2022-12-16T21:35:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "c1b14032-ceed-4c4a-8ce3-0533547f87fd", "id" : "CVE-2022-3107", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "An issue was discovered in the Linux kernel through 5.16-rc6. 
netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.", "published" : "2022-12-14T21:15:00Z", "updated" : "2022-12-16T21:35:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "da899f5e-eb67-4f15-813d-fc45ec265384", "id" : "CVE-2022-3108", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 252 ], "description" : "An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().", "published" : "2022-12-14T21:15:00Z", "updated" : "2022-12-16T21:39:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "37e00530-7889-4c2a-81f0-603b28568b6d", "id" : "CVE-2022-3110", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "An issue was discovered in the Linux kernel through 5.16-rc6. 
_rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the null pointer dereference.", "published" : "2022-12-14T21:15:00Z", "updated" : "2022-12-16T21:40:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "fb7c473e-9c14-444d-b8f7-5c9ea51acc26", "id" : "CVE-2022-3111", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "An issue was discovered in the Linux kernel through 5.16-rc6. free_charger_irq() in drivers/power/supply/wm8350_power.c lacks free of WM8350_IRQ_CHG_FAST_RDY, which is registered in wm8350_init_charger().", "published" : "2022-12-14T21:15:00Z", "updated" : "2022-12-16T21:14:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "3570d8d5-2814-4b18-b150-00178fe23502", "id" : "CVE-2022-3112", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "An issue was discovered in the Linux kernel through 5.16-rc6. 
amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.", "published" : "2022-12-14T21:15:00Z", "updated" : "2022-12-16T21:17:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "17c73f87-0ec4-42d3-b13b-f6618e54175c", "id" : "CVE-2022-3113", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference.", "published" : "2022-12-14T21:15:00Z", "updated" : "2022-12-16T21:22:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "b3dd0097-64da-4c64-87a2-ccf17da89a7d", "id" : "CVE-2022-3114", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "An issue was discovered in the Linux kernel through 5.16-rc6. 
imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference.", "published" : "2022-12-14T21:15:00Z", "updated" : "2022-12-16T21:23:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9fff03c0-d588-4a53-9f77-1e478ecfbec7", "id" : "CVE-2022-3115", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.", "published" : "2022-12-14T21:15:00Z", "updated" : "2022-12-16T21:24:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8c5132f0-2b1e-4ae1-878e-6df375965f3d", "id" : "CVE-2022-32296", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 3.3, "severity" : "low", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "cwes" : [ 330 ], "description" : "The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. 
This occurs because of use of Algorithm 4 (\"Double-Hash Port Selection Algorithm\") of RFC 6056.", "published" : "2022-06-05T22:15:00Z", "updated" : "2023-08-08T14:22:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f848a7f5-d7b6-469e-a2f6-e006fd6f77e8", "id" : "CVE-2022-32981", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.6, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 120 ], "description" : "An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers.", "published" : "2022-06-10T20:15:00Z", "updated" : "2022-06-27T15:35:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "e7333d69-612d-4c59-8c62-bfca8c044f24", "id" : "CVE-2022-3533", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 404, 401 ], "description" : "A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects the function parse_usdt_arg of the file tools/lib/bpf/usdt.c of the component BPF. The manipulation of the argument reg_name leads to memory leak. It is recommended to apply a patch to fix this issue. 
The associated identifier of this vulnerability is VDB-211031.", "published" : "2022-10-17T09:15:00Z", "updated" : "2023-07-20T17:58:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ef9f75bc-d1df-4bb8-9b6d-115e41fb19f5", "id" : "CVE-2022-3606", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476, 404 ], "description" : "A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability.", "published" : "2022-10-19T09:15:00Z", "updated" : "2023-07-20T18:00:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "64614686-86ae-4d20-b5e5-389af1e40232", "id" : "CVE-2022-48502", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.1, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "An issue was discovered in the Linux kernel before 6.2. 
The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c.", "published" : "2023-05-31T20:15:00Z", "updated" : "2023-07-03T16:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "aea96981-699c-453a-983e-8e0d0748179e", "id" : "CVE-2022-3543", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 404, 401 ], "description" : "A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211043.", "published" : "2022-10-17T12:15:00Z", "updated" : "2022-10-19T05:18:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "227e2657-ad81-4d30-9862-5b817b8ec137", "id" : "CVE-2022-3594", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.3, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "cwes" : [ 404, 779 ], "description" : "A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. 
The associated identifier of this vulnerability is VDB-211363.", "published" : "2022-10-18T20:15:00Z", "updated" : "2023-03-01T18:54:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "2d84df8f-4b67-42b4-9bb9-9d32945cd0c4", "id" : "CVE-2022-3595", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 415 ], "description" : "A vulnerability was found in Linux Kernel. It has been rated as problematic. Affected by this issue is the function sess_free_buffer of the file fs/cifs/sess.c of the component CIFS Handler. The manipulation leads to double free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211364.", "published" : "2022-10-18T20:15:00Z", "updated" : "2022-10-20T15:36:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "b024c7be-5ff7-4764-a1c2-dfb2f6d90a35", "id" : "CVE-2022-3707", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 415 ], "description" : "A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. 
This issue could allow a local user to crash the system.", "published" : "2023-03-06T23:15:00Z", "updated" : "2023-05-03T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "2f704d6f-0ad2-4ed0-bc40-a0e2bc1e6153", "id" : "CVE-2022-45869", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 362 ], "description" : "A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.", "published" : "2022-11-30T05:15:00Z", "updated" : "2023-06-06T13:59:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "79ee1d07-dcbf-42c7-af30-13b6152d7456", "id" : "CVE-2022-3544", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 404, 401 ], "description" : "A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function damon_sysfs_add_target of the file mm/damon/sysfs.c of the component Netfilter. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. 
The identifier of this vulnerability is VDB-211044.", "published" : "2022-10-17T12:15:00Z", "updated" : "2022-10-19T04:27:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "068ebea7-6143-40e5-999a-154b0b8d00d2", "id" : "CVE-2022-3586", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.", "published" : "2022-10-19T18:15:00Z", "updated" : "2022-11-04T19:14:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ada5d622-4b64-4096-84a1-491ce61ec596", "id" : "CVE-2022-42328", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 667 ], "description" : "Guests can trigger deadlock in Linux netback driver [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). 
Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).", "published" : "2022-12-07T01:15:00Z", "updated" : "2023-01-10T19:40:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "e46b7275-3536-40ee-9440-509ca886c607", "id" : "CVE-2022-42329", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 667 ], "description" : "Guests can trigger deadlock in Linux netback driver [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).", "published" : "2022-12-07T01:15:00Z", "updated" : "2023-01-10T19:39:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "d236f563-ff7b-4aad-abd5-a79ee4816970", "id" : "CVE-2022-4662", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 455 ], "description" : "A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. 
A local user could use this flaw to crash the system.", "published" : "2022-12-22T22:15:00Z", "updated" : "2023-01-04T17:38:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "6af09e0f-6425-4c83-8c85-0f65033d25d9", "id" : "CVE-2022-4379", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial", "published" : "2023-01-10T22:15:00Z", "updated" : "2023-06-26T16:55:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "4201df8a-d55f-4705-897b-8b53531a7117", "id" : "CVE-2022-3521", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.5, "severity" : "low", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "cwes" : [ 362 ], "description" : "A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. 
VDB-211018 is the identifier assigned to this vulnerability.", "published" : "2022-10-16T10:15:00Z", "updated" : "2023-02-23T15:29:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "d51ad2fa-6a64-472b-bbac-824878cdf048", "id" : "CVE-2022-39188", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 362 ], "description" : "An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.", "published" : "2022-09-02T05:15:00Z", "updated" : "2022-11-21T19:45:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "764aea4e-ee9f-4c69-9223-8a13f245f52a", "id" : "CVE-2022-39842", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.1, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H" } ], "cwes" : [ 190 ], "description" : "** DISPUTED ** An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. 
NOTE: the original discoverer disputes that the overflow can actually happen.", "published" : "2022-09-05T07:15:00Z", "updated" : "2023-03-01T16:31:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ad8a55d4-394a-43ee-b15c-e839c63a7307", "id" : "CVE-2022-4127", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc. A local user could use this flaw to potentially crash the system causing a denial of service.", "published" : "2022-11-28T22:15:00Z", "updated" : "2022-12-01T19:14:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "b9fbbc17-d98e-4ab0-a5b3-8ecd4d3f8c6a", "id" : "CVE-2021-33655", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 787 ], "description" : "When sending malicious data to kernel by ioctl cmd FBIOPUT_VSCREENINFO, kernel will write memory out of bounds.", "published" : "2022-07-18T15:15:00Z", "updated" : "2022-10-29T02:52:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "cedd8f56-553f-4f3d-b402-9e61444b32c5", "id" : "CVE-2021-44879", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.3, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:M/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, 
"severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.", "published" : "2022-02-14T12:15:00Z", "updated" : "2022-02-22T18:26:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "333add41-09e4-49d6-ab4c-dca829e73476", "id" : "CVE-2021-4002", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 3.6, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:P/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.4, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "cwes" : [ 401 ], "description" : "A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. 
A local user could use this flaw to get unauthorized access to some data.", "published" : "2022-03-03T22:15:00Z", "updated" : "2023-02-22T17:46:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9eb232b9-a354-4d1a-8cae-2eaea8be7c50", "id" : "CVE-2021-4090", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.6, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:C/I:C/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.1, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "cwes" : [ 787 ], "description" : "An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system integrity and confidentiality threat.", "published" : "2022-02-18T18:15:00Z", "updated" : "2022-12-13T20:40:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "0cab0c91-dcc0-440d-a658-81a50bbf69b2", "id" : "CVE-2021-4135", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 401 ], "description" : "A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. 
A local user could use this flaw to get unauthorized access to some data.", "published" : "2022-07-14T20:15:00Z", "updated" : "2022-07-20T14:05:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "c83413bf-f747-4e53-a1be-afe492f4cf8b", "id" : "CVE-2021-4155", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 131 ], "description" : "A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.", "published" : "2022-08-24T16:15:00Z", "updated" : "2022-08-29T13:39:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "bc2e6de4-af26-44c5-8fe1-29cf8a3babd7", "id" : "CVE-2021-45402", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 668 ], "description" : "The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a \"pointer leak.\"", "published" : "2022-02-11T15:15:00Z", "updated" : "2022-02-23T18:12:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "56d307e2-e378-46fb-a6e0-fa61981457b6", 
"id" : "CVE-2021-4095", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 1.9, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:M/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1.", "published" : "2022-03-10T17:44:00Z", "updated" : "2022-07-28T18:01:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "1bdcdf8b-5d03-498c-b25e-498ce1931c79", "id" : "CVE-2020-35501", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 3.6, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:P/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 3.4, "severity" : "low", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" } ], "description" : "A flaw was found in the Linux kernel's implementation of audit rules, where a syscall can unexpectedly not be correctly logged by the audit subsystem", "published" : "2022-03-30T16:15:00Z", "updated" : "2022-12-02T19:54:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "c64bf558-dbde-4fa6-bd93-6f80eb55e17f", "id" : "CVE-2022-3344", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : 
"NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 440 ], "description" : "A flaw was found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0).", "published" : "2022-10-25T17:15:00Z", "updated" : "2022-10-28T19:23:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "944fd4e7-8022-4f0f-a4e7-5efa54fc337f", "id" : "CVE-2022-33743", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.6, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "description" : "network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.", "published" : "2022-07-05T13:15:00Z", "updated" : "2022-11-05T03:06:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "d1f843c7-4d49-4e01-a9fa-8b2fc24fae30", "id" : "CVE-2022-33744", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 1.9, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:M/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : 
"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "description" : "Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages.", "published" : "2022-07-05T13:15:00Z", "updated" : "2022-10-29T02:50:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9495d938-aae4-4cad-858d-98339cdfcae9", "id" : "CVE-2022-33981", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 3.3, "severity" : "low", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "cwes" : [ 416 ], "description" : "drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.", "published" : "2022-06-18T16:15:00Z", "updated" : "2022-11-05T02:28:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "2e9c0cb6-1b26-4a35-a536-6199b644ba71", "id" : "CVE-2022-34494", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.9, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:N/I:N/A:C)" }, { "source" : { "name" : "NVD", "url" : 
"https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 415 ], "description" : "rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.", "published" : "2022-06-26T16:15:00Z", "updated" : "2022-07-08T03:59:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "87264f27-fbf3-46fc-a4ac-5aa9f6ea7cbe", "id" : "CVE-2022-34495", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.9, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:N/I:N/A:C)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 415 ], "description" : "rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.", "published" : "2022-06-26T16:15:00Z", "updated" : "2022-07-08T03:59:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f96e2243-5007-4789-99b8-0895f857a5a6", "id" : "CVE-2022-36123", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "description" : "The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). 
This allows Xen PV guest OS users to cause a denial of service or gain privileges.", "published" : "2022-07-29T14:15:00Z", "updated" : "2022-09-04T19:29:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "b0f8abc5-bf78-4ed4-a4be-66964d51a8b5", "id" : "CVE-2022-36879", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "description" : "An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.", "published" : "2022-07-27T04:15:00Z", "updated" : "2022-11-04T18:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "0a4f8452-50c7-497f-a08a-58f0d66c43e2", "id" : "CVE-2022-38096", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. 
This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).", "published" : "2022-09-09T15:15:00Z", "updated" : "2022-09-14T21:18:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "299441d1-db03-4dda-9e89-0849efb63c44", "id" : "CVE-2022-38457", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).", "published" : "2022-09-09T15:15:00Z", "updated" : "2023-04-17T16:45:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "434290d6-517d-468a-aa0f-34004e0ed38b", "id" : "CVE-2022-40133", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. 
This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).", "published" : "2022-09-09T15:15:00Z", "updated" : "2023-04-17T16:44:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "a6a1820d-c3a0-4f12-9f1a-7c26a1a02108", "id" : "CVE-2022-39190", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "description" : "An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.", "published" : "2022-09-02T05:15:00Z", "updated" : "2023-08-08T14:22:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "cc00f78b-2a52-4848-a471-17d7a435e27d", "id" : "CVE-2022-40307", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 362 ], "description" : "An issue was discovered in the Linux kernel through 5.19.8. 
drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.", "published" : "2022-09-09T05:15:00Z", "updated" : "2023-08-08T14:21:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "b6b399bc-8597-415f-ab60-769d7d2749b6", "id" : "CVE-2022-40768", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 908 ], "description" : "drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.", "published" : "2022-09-18T05:15:00Z", "updated" : "2023-08-08T14:22:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f126d589-0b50-412e-a74c-db5a4c0e722c", "id" : "CVE-2022-41218", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.", "published" : "2022-09-21T07:15:00Z", "updated" : "2023-05-03T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "3b2bfd3d-7b1c-4834-8db8-b8f476dbc1b5", "id" : "CVE-2022-41848", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.2, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" 
} ], "cwes" : [ 362, 416 ], "description" : "drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.", "published" : "2022-09-30T06:15:00Z", "updated" : "2022-10-04T15:09:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "1d6c433e-f753-427b-9da4-6666f752d1fa", "id" : "CVE-2022-41849", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.2, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 362, 416 ], "description" : "drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.", "published" : "2022-09-30T06:15:00Z", "updated" : "2023-02-23T15:42:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "917dfe10-83c9-4918-b1e7-9b77501d9fa5", "id" : "CVE-2022-41850", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 362, 416 ], "description" : "roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.", "published" : "2022-09-30T06:15:00Z", "updated" : "2023-02-23T15:42:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] 
}, { "bom-ref" : "bb30c270-4c36-46c7-8bd7-f9721c17ce26", "id" : "CVE-2022-42703", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 416 ], "description" : "mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.", "published" : "2022-10-09T23:15:00Z", "updated" : "2023-02-03T20:29:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "439727a8-78f9-4906-99af-82c10396ac00", "id" : "CVE-2022-42721", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 835 ], "description" : "A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.", "published" : "2022-10-14T00:15:00Z", "updated" : "2023-02-03T10:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "bedfa746-07e7-48ba-a2f3-4e3c487ed709", "id" : "CVE-2022-42722", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of 
P2P devices.", "published" : "2022-10-14T00:15:00Z", "updated" : "2023-02-03T10:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "84ad7ac3-15c3-407e-9c63-5cd1b8d98f78", "id" : "CVE-2022-43945", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 770 ], "description" : "The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "published" : "2022-11-04T19:15:00Z", "updated" : "2023-03-08T18:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "69181474-05f4-4e33-805a-0ee7e8386e28", "id" : "CVE-2022-44032", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.4, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 362 ], "description" : "An issue was discovered in the Linux kernel through 6.0.6. 
drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().", "published" : "2022-10-30T01:15:00Z", "updated" : "2022-11-01T14:45:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "01806c2f-d45e-43fd-a143-199b3c1304da", "id" : "CVE-2022-44033", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.4, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 362 ], "description" : "An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().", "published" : "2022-10-30T01:15:00Z", "updated" : "2022-11-01T13:58:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "2beda899-cb7f-47bd-a7a5-ee11ef8fd6a8", "id" : "CVE-2022-44034", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.4, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 362 ], "description" : "An issue was discovered in the Linux kernel through 6.0.6. 
drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().", "published" : "2022-10-30T01:15:00Z", "updated" : "2022-11-01T14:55:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "4ab6ebbc-1b4b-4133-bf7c-0405f83a5797", "id" : "CVE-2022-4543", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A flaw named \"EntryBleed\" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.", "published" : "2023-01-11T15:15:00Z", "updated" : "2023-01-19T18:38:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "5c325fc7-202c-4111-9bf9-bb42ef06c5cb", "id" : "CVE-2021-3669", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 770 ], "description" : "A flaw was found in the Linux kernel. 
Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.", "published" : "2022-08-26T16:15:00Z", "updated" : "2023-07-07T19:16:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "d7eb4f81-ef27-4756-a2e3-18e1e932b5fe", "id" : "CVE-2020-25672", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 401 ], "description" : "A memory leak vulnerability was found in Linux kernel in llcp_sock_connect", "published" : "2021-05-25T20:15:00Z", "updated" : "2023-02-12T23:40:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "2f4533cf-9f51-4ef2-b311-1d5c3cc68cd4", "id" : "CVE-2010-0298", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:P/A:P)" } ], "cwes" : [ 264 ], "description" : "The x86 emulator in KVM 83 does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) in determining the memory access available to CPL3 code, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, a related issue to CVE-2010-0306.", "published" : "2010-02-12T19:30:00Z", "updated" : "2017-09-19T01:30:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "2c2152bb-0868-4708-83a3-aba427445209", "id" : 
"CVE-2010-4563", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:N/A:N)" } ], "cwes" : [ 200 ], "description" : "The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.", "published" : "2012-02-02T17:55:00Z", "updated" : "2012-02-03T05:00:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "04492436-4cf7-4e23-8ca6-79a170cb4931", "id" : "CVE-2007-4998", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.9, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:M/Au:N/C:C/I:C/A:C)" } ], "cwes" : [ 59 ], "description" : "cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.", "published" : "2008-01-31T21:00:00Z", "updated" : "2008-11-15T06:59:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "4adb93e1-1c84-43ae-b2a9-e94f938c8101", "id" : "CVE-1999-0656", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:N/A:N)" } ], "cwes" : [ 16 ], "description" : "The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names.", "published" 
: "1999-01-01T05:00:00Z", "updated" : "2017-07-11T01:29:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "bbc1b318-94df-49fb-88c6-c53a79de7867", "id" : "CVE-2022-45884", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.0, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 362, 416 ], "description" : "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.", "published" : "2022-11-25T04:15:00Z", "updated" : "2023-01-20T20:18:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "40e8b11e-0c01-4299-b767-e53c29489ded", "id" : "CVE-2022-45885", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.0, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 362, 416 ], "description" : "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.", "published" : "2022-11-25T04:15:00Z", "updated" : "2023-01-20T20:19:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "dbbcdae7-0626-4b2a-aa32-79284ac2871a", "id" : "CVE-2022-45886", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.0, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 362, 416 ], "description" : "An issue was discovered in the Linux kernel through 6.0.9. 
drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.", "published" : "2022-11-25T04:15:00Z", "updated" : "2023-01-20T20:19:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f800ca1a-caa6-4a8a-b49d-48654fe659d7", "id" : "CVE-2022-45887", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 362, 772 ], "description" : "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.", "published" : "2022-11-25T04:15:00Z", "updated" : "2023-01-20T20:19:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "7d3cf8b8-796d-4302-be2b-6957023151ab", "id" : "CVE-2022-45888", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.4, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 362, 416 ], "description" : "An issue was discovered in the Linux kernel through 6.0.9. 
drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.", "published" : "2022-11-25T04:15:00Z", "updated" : "2023-01-20T20:20:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "30d427c7-f586-40f6-8dc9-cfd59c1dc8cf", "id" : "CVE-2022-45919", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.0, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur if there is a disconnect after an open, because of the lack of a wait_event.", "published" : "2022-11-27T02:15:00Z", "updated" : "2023-02-01T15:07:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "08efedba-8b9e-4dd9-b790-0f6526cb1a1c", "id" : "CVE-2022-47929", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 476 ], "description" : "In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with \"tc qdisc\" and \"tc class\" commands. 
This affects qdisc_graft in net/sched/sch_api.c.", "published" : "2023-01-17T21:15:00Z", "updated" : "2023-05-03T14:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "be7c0b54-4ceb-4620-b4d8-bbeda3e95d2e", "id" : "CVE-2022-47938", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT.", "published" : "2022-12-23T16:15:00Z", "updated" : "2023-01-23T18:55:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "99e26f2f-57a6-4402-85be-3c758fc07a27", "id" : "CVE-2022-47940", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 8.1, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. 
fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.", "published" : "2022-12-23T16:15:00Z", "updated" : "2022-12-30T15:52:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "470db4df-260e-49c8-ae9b-2697cb6bc690", "id" : "CVE-2022-48423", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 787 ], "description" : "In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur.", "published" : "2023-03-19T03:15:00Z", "updated" : "2023-08-08T14:21:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "f851ab76-c3e6-42f2-90ec-b7621db0b80d", "id" : "CVE-2022-48425", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 763 ], "description" : "In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs.", "published" : "2023-03-19T03:15:00Z", "updated" : "2023-04-13T17:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "3c535940-05ac-48e5-af0b-3255f54c4321", "id" : "CVE-2021-20194", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.6, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" 
: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 20 ], "description" : "There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As a result of BPF execution, the local user can trigger a bug in the __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of the attack could be denial of service or possibly privilege escalation.", "published" : "2021-02-23T23:15:00Z", "updated" : "2023-02-12T22:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "e036aa5a-fb0a-4d20-a571-e56c745a95f2", "id" : "CVE-2021-3564", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 2.1, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:N/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 415 ], "description" : "A double-free memory corruption flaw in the Linux kernel HCI device initialization subsystem was found in the way a user attaches a malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. 
This flaw affects all the Linux kernel versions starting from 3.13.", "published" : "2021-06-08T12:15:00Z", "updated" : "2023-02-12T23:41:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "3f31947f-8e55-4a1b-b252-03a9fdb41ff8", "id" : "CVE-2021-3743", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 3.6, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:N/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.1, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "cwes" : [ 125 ], "description" : "An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.", "published" : "2022-03-04T16:15:00Z", "updated" : "2023-02-24T15:14:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "ddffebf3-aa77-4d31-a40f-246d165a8127", "id" : "CVE-2021-3847", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.2, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:C/I:C/A:C)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 281 ], "description" : "An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. 
A local user could use this flaw to escalate their privileges on the system.", "published" : "2022-04-01T23:15:00Z", "updated" : "2022-04-11T20:31:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "560d9206-de8c-4bbe-93f3-6b4a4fceb8af", "id" : "CVE-2020-27815", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.1, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:P/I:P/A:C)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.8, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 119 ], "description" : "A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. 
The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "published" : "2021-05-26T13:15:00Z", "updated" : "2023-07-28T19:32:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "72607a78-06ce-4958-9a40-7145169c5796", "id" : "CVE-2019-3016", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 1.9, "severity" : "low", "method" : "CVSSv2", "vector" : "(AV:L/AC:M/Au:N/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 362 ], "description" : "In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limited to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out.", "published" : "2020-01-31T20:15:00Z", "updated" : "2020-06-10T20:15:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "4cabb76f-b43f-4cc1-8922-14bf70e553ac", "id" : "CVE-2019-3887", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:M/Au:N/C:N/I:N/A:C)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 5.6, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H" } ], "cwes" : [ 863 ], "description" : "A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Register (MSR) access with nested(=1) virtualization enabled. 
In that, L1 guest could access L0's APIC register values via L2 guest, when 'virtualize x2APIC mode' is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.", "published" : "2019-04-09T16:29:00Z", "updated" : "2023-02-12T23:38:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "3a27576f-f470-4351-ad2f-d901c1154382", "id" : "CVE-2019-3819", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.9, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:L/AC:L/Au:N/C:N/I:N/A:C)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.4, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "cwes" : [ 835 ], "description" : "A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (\"root\") can cause a system lock up and a denial of service. 
Versions from v4.18 and newer are vulnerable.", "published" : "2019-01-25T18:29:00Z", "updated" : "2020-10-19T17:43:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "826b9a3f-d725-4f93-96b7-caa6a8dbdf99", "id" : "CVE-2014-9940", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.6, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:H/Au:N/C:C/I:C/A:C)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.0, "severity" : "high", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "cwes" : [ 416 ], "description" : "The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application.", "published" : "2017-05-02T21:59:00Z", "updated" : "2023-09-28T22:06:00Z", "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "9c33af65-ddac-4c69-9443-ad845504dcc2", "id" : "CVE-2023-20583", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.7, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.", "published" : "2023-08-01T19:15:00Z", "updated" : "2023-08-04T17:31:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "48602a80-cceb-49de-9501-a6336071f818", "id" : "CVE-2022-24436", "source" : { "name" : 
"NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 4.0, "severity" : "medium", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:S/C:P/I:N/A:N)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 6.5, "severity" : "medium", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "cwes" : [ 203 ], "description" : "Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.", "published" : "2022-06-15T21:15:00Z", "updated" : "2022-06-28T15:05:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] }, { "bom-ref" : "8987fee0-d3d7-4445-9776-b04d295de9af", "id" : "CVE-2021-45967", "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "ratings" : [ { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 7.5, "severity" : "high", "method" : "CVSSv2", "vector" : "(AV:N/AC:L/Au:N/C:P/I:P/A:P)" }, { "source" : { "name" : "NVD", "url" : "https://nvd.nist.gov/" }, "score" : 9.8, "severity" : "critical", "method" : "CVSSv3", "vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "cwes" : [ 22 ], "description" : "An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.", "published" : "2022-03-18T05:15:00Z", "updated" : "2022-07-12T17:42:00Z", "analysis" : { "state" : "resolved" }, "affects" : [ { "ref" : "36988072-7aa2-4382-a005-4dfad8a8c31d" } ] } ] }