A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.

Runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.

PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record `parse_query()`, while the issue in CVE-2022-24793 is in `parse_rr()`. A patch is available as commit `d1c5e4d` in the `master` branch. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver implementation instead.

Netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778.

Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution.