Share: Email | Twitter

ID

VDE-2023-013

Published

2023-07-10 12:00 (CEST)

Last update

2023-07-03 14:50 (CEST)

Vendor(s)

Festo Didactic SE

Product(s)

Article No° Product Name Affected Version(s)
FactoryViews < 1.6.0
FactoryViews Lite <= 1.1

Summary

FactoryViews bundles many third-party applications which are used in background processes to provide the software's features. From time to time, vulnerabilities in these bundled applications are discovered. These are typically fixed in newer versions of FactoryViews by updating the bundled applications.

FactoryViews versions up to and including 1.5.2 contain around 200 such vulnerabilities listed in this advisory.
Version 1.6.0 is a security rollup release which includes updates to all bundled applications and fixes these vulnerabilities.

At this time, FactoryViews Lite cannot be updated beyond version 1.1.
FactoryViews 1.7 will unify non-Lite and Lite versions and fix these vulnerabilities for users of FactoryViews Lite.

Vulnerabilities



Last Update
June 27, 2023, 2:32 p.m.
Weakness
Use of Uninitialized Resource (CWE-908)
Summary
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
Last Update
June 27, 2023, 2:30 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences.
Last Update
June 27, 2023, 2:34 p.m.
Weakness
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CWE-1321)
Summary
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Improper Null Termination (CWE-170)
Summary
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Use After Free (CWE-416)
Summary
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Double Free (CWE-415)
Summary
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)
Summary
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
Last Update
June 27, 2023, 2:28 p.m.
Weakness
Integer Overflow or Wraparound (CWE-190)
Summary
Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.
Last Update
June 27, 2023, 2:28 p.m.
Weakness
Use After Free (CWE-416)
Summary
exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Use After Free (CWE-416)
Summary
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
Last Update
June 27, 2023, 2:38 p.m.
Weakness
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') (CWE-444)
Summary
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
Last Update
June 27, 2023, 2:29 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Integer Overflow or Wraparound (CWE-190)
Summary
Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.
Last Update
June 27, 2023, 2:38 p.m.
Weakness
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)
Summary
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Buffer Over-read (CWE-126)
Summary
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
Last Update
June 27, 2023, 2:38 p.m.
Weakness
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') (CWE-444)
Summary
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)
Summary
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
Last Update
June 27, 2023, 2:33 p.m.
Weakness
Stack-based Buffer Overflow (CWE-121)
Summary
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Summary
The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory, where the symlink and directory names in the archive entry used backslashes as a path separator on posix systems. The cache checking logic used both `\` and `/` characters as path separators, however `\` is a valid filename character on posix systems. By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. Additionally, a similar confusion could arise on case-insensitive filesystems. If a tar archive contained a directory at `FOO`, followed by a symbolic link named `foo`, then on case-insensitive file systems, the creation of the symbolic link would remove the directory from the filesystem, but _not_ from the internal directory cache, as it would not be treated as a cache hit. A subsequent file entry within the `FOO` directory would then be placed in the target of the symbolic link, thinking that the directory had already been created. These issues were addressed in releases 4.4.16, 5.0.8 and 6.1.7. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-9r2w-394v-53qc.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Summary
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with names containing unicode values that normalized to the same value. Additionally, on Windows systems, long path portions would resolve to the same file system entities as their 8.3 "short path" counterparts. A specially crafted tar archive could thus include a directory with one form of the path, followed by a symbolic link with a different string that resolves to the same file system entity, followed by a file using the first form. By first creating a directory, and then replacing that directory with a symlink that had a different apparent name that resolved to the same entry in the filesystem, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. If this is not possible, a workaround is available in the referenced GHSA-qq89-hq3f-393p.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Summary
The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, and 6.1.9 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability. node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archive, skipping archive entries that contain `..` path portions, and resolving the sanitized paths against the extraction target directory. This logic was insufficient on Windows systems when extracting tar files that contained a path that was not an absolute path, but specified a drive letter different from the extraction target, such as `C:some\path`. If the drive letter does not match the extraction target, for example `D:\extraction\dir`, then the result of `path.resolve(extractionDirectory, entryPath)` would resolve against the current working directory on the `C:` drive, rather than the extraction target directory. Additionally, a `..` portion of the path could occur immediately after the drive letter, such as `C:../foo`, and was not properly sanitized by the logic that checked for `..` within the normalized and split portions of the path. This only affects users of `node-tar` on Windows systems. These issues were addressed in releases 4.4.18, 5.0.10 and 6.1.9. The v3 branch of node-tar has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of node-tar. There is no reasonable way to work around this issue without performing the same path normalization procedures that node-tar now does. Users are encouraged to upgrade to the latest patched versions of node-tar, rather than attempt to sanitize paths themselves.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Modification of Assumed-Immutable Data (MAID) (CWE-471)
Summary
Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Improper Access Control (CWE-284)
Summary
A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Summary
The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4.14, and 3.3.2 has a arbitrary File Creation/Overwrite vulnerability due to insufficient absolute path sanitization. node-tar aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the `preservePaths` flag is not set to `true`. This is achieved by stripping the absolute path root from any absolute file paths contained in a tar file. For example `/home/user/.bashrc` would turn into `home/user/.bashrc`. This logic was insufficient when file paths contained repeated path roots such as `////home/user/.bashrc`. `node-tar` would only strip a single path root from such paths. When given an absolute file path with repeating path roots, the resulting path (e.g. `///home/user/.bashrc`) would still resolve to an absolute path, thus allowing arbitrary file creation and overwrite. This issue was addressed in releases 3.2.2, 4.4.14, 5.0.6 and 6.1.1. Users may work around this vulnerability without upgrading by creating a custom `onentry` method which sanitizes the `entry.path` or a `filter` method which removes entries with absolute paths. See referenced GitHub Advisory for details. Be aware of CVE-2021-32803 which fixes a similar bug in later versions of tar.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Summary
The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary `stat` calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory. This order of operations resulted in the directory being created and added to the `node-tar` directory cache. When a directory is present in the directory cache, subsequent calls to mkdir for that directory are skipped. However, this is also where `node-tar` checks for symlinks occur. By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass `node-tar` symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. This issue was addressed in releases 3.2.3, 4.4.15, 5.0.7 and 6.1.2.
Last Update
June 27, 2023, 2:28 p.m.
Weakness
URL Redirection to Untrusted Site ('Open Redirect') (CWE-601)
Summary
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Access of Uninitialized Pointer (CWE-824)
Summary
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
Last Update
June 27, 2023, 2:38 p.m.
Weakness
Incorrect Calculation of Buffer Size (CWE-131)
Summary
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. 
Last Update
June 27, 2023, 2:38 p.m.
Weakness
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
Summary
A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
UNIX Symbolic Link (Symlink) Following (CWE-61)
Summary
`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is accomplished by extracting package contents into a project's `node_modules` folder. If the `node_modules` folder of the root project or any of its dependencies is somehow replaced with a symbolic link, it could allow Arborist to write package dependencies to any arbitrary location on the file system. Note that symbolic links contained within package artifact contents are filtered out, so another means of creating a `node_modules` symbolic link would have to be employed. 1. A `preinstall` script could replace `node_modules` with a symlink. (This is prevented by using `--ignore-scripts`.) 2. An attacker could supply the target with a git repository, instructing them to run `npm install --ignore-scripts` in the root. This may be successful, because `npm install --ignore-scripts` is typically not capable of making changes outside of the project directory, so it may be deemed safe. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above. For more information including workarounds please see the referenced GHSA-gmw6-94gg-2rc2.
Last Update
June 27, 2023, 2:33 p.m.
Weakness
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
Summary
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
Last Update
June 27, 2023, 2:33 p.m.
Weakness
Deserialization of Untrusted Data (CWE-502)
Summary
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
UNIX Symbolic Link (Symlink) Following (CWE-61)
Summary
`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in `package.json` manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies. When multiple dependencies differ only in the case of their name, Arborist's internal data structure saw them as separate items that could coexist within the same level in the `node_modules` hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as `file:/some/path`, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem. For example, a package `pwn-a` could define a dependency in their `package.json` file such as `"foo": "file:/some/path"`. Another package, `pwn-b` could define a dependency such as `FOO: "file:foo.tgz"`. On case-insensitive file systems, if `pwn-a` was installed, and then `pwn-b` was installed afterwards, the contents of `foo.tgz` would be written to `/some/path`, and any existing contents of `/some/path` would be removed. Anyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Incorrect Permission Assignment for Critical Resource (CWE-732)
Summary
Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Reachable Assertion (CWE-617)
Summary
MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component Item_field::used_tables/update_depend_map_for_order.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Use After Free (CWE-416)
Summary
MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Use of Uninitialized Resource (CWE-908)
Summary
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
Summary
An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
Summary
An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Use After Free (CWE-416)
Summary
MariaDB Server v10.6.5 and below was discovered to contain an use-after-free in the component Item_args::walk_arg, which is exploited via specially crafted SQL statements.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
Summary
MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc.
Last Update
June 27, 2023, 2:38 p.m.
Weakness
Improper Input Validation (CWE-20)
Summary
Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)
Summary
MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements.
Last Update
June 27, 2023, 2:29 p.m.
Weakness
NULL Pointer Dereference (CWE-476)
Summary
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.
Last Update
June 27, 2023, 2:29 p.m.
Weakness
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)
Summary
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
Last Update
June 27, 2023, 2:38 p.m.
Weakness
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') (CWE-444)
Summary
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.
Last Update
June 27, 2023, 2:28 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of exif.c.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Use After Free (CWE-416)
Summary
MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Reachable Assertion (CWE-617)
Summary
There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Use After Free (CWE-416)
Summary
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Improper Null Termination (CWE-170)
Summary
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Use After Free (CWE-416)
Summary
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.
Last Update
June 27, 2023, 2:34 p.m.
Weakness
NULL Pointer Dereference (CWE-476)
Summary
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Use After Free (CWE-416)
Summary
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Uncontrolled Resource Consumption (CWE-400)
Summary
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Use After Free (CWE-416)
Summary
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c.
Last Update
June 27, 2023, 2:38 p.m.
Weakness
Cryptographic Issues (CWE-310)
Summary
A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Use After Free (CWE-416)
Summary
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Reliance on Reverse DNS Resolution for a Security-Critical Action (CWE-350)
Summary
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Use After Free (CWE-416)
Summary
MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Use After Free (CWE-416)
Summary
Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Summary
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
Last Update
June 27, 2023, 2:38 p.m.
Weakness
Incorrect Authorization (CWE-863)
Summary
A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
Summary
An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
Summary
An issue in the component my_decimal::operator= of MariaDB Server v10.6.3 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Use After Free (CWE-416)
Summary
MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
Summary
An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Permissions, Privileges, and Access Controls (CWE-264)
Summary
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.
Last Update
Aug. 30, 2024, 9:14 a.m.
Weakness
Out-of-bounds Write (CWE-787)
Summary

A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier.

Last Update
June 27, 2023, 2:37 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
Summary
An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Use After Free (CWE-416)
Summary
MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.
Last Update
June 27, 2023, 2:34 p.m.
Weakness
Inefficient Regular Expression Complexity (CWE-1333)
Summary
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Reachable Assertion (CWE-617)
Summary
MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
NULL Pointer Dereference (CWE-476)
Summary
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.
Last Update
June 27, 2023, 2:38 p.m.
Weakness
Uncontrolled Resource Consumption (CWE-400)
Summary
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. 
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.
Last Update
June 27, 2023, 2:33 p.m.
Weakness
Improper Link Resolution Before File Access ('Link Following') (CWE-59)
Summary
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Improper Certificate Validation (CWE-295)
Summary
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Uncontrolled Search Path Element (CWE-427)
Summary
Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Improper Control of Generation of Code ('Code Injection') (CWE-94)
Summary
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product.
Last Update
June 27, 2023, 2:34 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
Last Update
June 27, 2023, 2:34 p.m.
Weakness
Improper Access Control (CWE-284)
Summary
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Improper Input Validation (CWE-20)
Summary
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
Last Update
June 27, 2023, 2:33 p.m.
Weakness
Improper Input Validation (CWE-20)
Summary
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') (CWE-444)
Summary
The llhttp parser lower than v14.20.1, lower than v16.17.1 and lower than v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') (CWE-444)
Summary
The llhttp parser lower than v14.20.1, lower than v16.17.1 and lower than v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') (CWE-444)
Summary
The llhttp parser lower than v14.20.1, lower than v16.17.1 and lower than v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
Last Update
June 27, 2023, 2:38 p.m.
Weakness
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') (CWE-444)
Summary
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
Last Update
June 27, 2023, 2:38 p.m.
Weakness
NULL Pointer Dereference (CWE-476)
Summary
MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Path Traversal: '../filedir' (CWE-24)
Summary
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') (CWE-444)
Summary
The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') (CWE-444)
Summary
The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
Last Update
June 27, 2023, 2:38 p.m.
Weakness
Use of Password Hash With Insufficient Computational Effort (CWE-916)
Summary
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
Summary
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
Last Update
June 27, 2023, 2:28 p.m.
Weakness
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
Summary
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Improper Null Termination (CWE-170)
Summary
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
Last Update
June 27, 2023, 2:34 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Integer Overflow or Wraparound (CWE-190)
Summary
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.
Last Update
June 27, 2023, 2:34 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
Last Update
June 27, 2023, 2:36 p.m.
Weakness
Uncontrolled Resource Consumption (CWE-400)
Summary
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.
Last Update
June 27, 2023, 2:38 p.m.
Weakness
Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835)
Summary
An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Reachable Assertion (CWE-617)
Summary
MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause.
Last Update
June 27, 2023, 2:36 p.m.
Weakness
Integer Overflow or Wraparound (CWE-190)
Summary
MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Uncontrolled Recursion (CWE-674)
Summary
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
NULL Pointer Dereference (CWE-476)
Summary
MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
Last Update
Aug. 30, 2024, 9:28 a.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file.

Last Update
June 27, 2023, 2:32 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
Last Update
June 27, 2023, 2:38 p.m.
Weakness
Improper Neutralization of CRLF Sequences ('CRLF Injection') (CWE-93)
Summary
Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici.
Last Update
June 27, 2023, 2:38 p.m.
Weakness
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
Summary
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.
Last Update
June 27, 2023, 2:33 p.m.
Weakness
Improper Input Validation (CWE-20)
Summary
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Summary
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
Last Update
June 27, 2023, 2:33 p.m.
Weakness
Improper Input Validation (CWE-20)
Summary
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.
Last Update
June 27, 2023, 2:38 p.m.
Weakness
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') (CWE-113)
Summary
Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Improper Preservation of Permissions (CWE-281)
Summary
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Uncontrolled Resource Consumption (CWE-400)
Summary
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.
Last Update
June 27, 2023, 2:32 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII numbers. This can read to disclosure of the content of some memory locations.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Improper Input Validation (CWE-20)
Summary
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Improper Handling of Invalid Use of Special Elements (CWE-159)
Summary
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Out-of-bounds Read (CWE-125)
Summary
Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Improper Certificate Validation (CWE-295)
Summary
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Improper Certificate Validation (CWE-295)
Summary
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.Affected versions of Node.js that do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable.
Last Update
June 27, 2023, 2:35 p.m.
Weakness
Improper Following of a Certificate's Chain of Trust (CWE-296)
Summary
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option.
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Cryptographic Issues (CWE-310)
Summary
A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.
Last Update
June 27, 2023, 2:34 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Last Update
June 27, 2023, 2:34 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Last Update
June 27, 2023, 2:34 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Last Update
June 27, 2023, 2:34 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Last Update
June 27, 2023, 2:34 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Last Update
June 27, 2023, 2:34 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Last Update
June 27, 2023, 2:34 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Last Update
June 27, 2023, 2:37 p.m.
Weakness
Improper Authentication (CWE-287)
Summary
An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.
Last Update
June 27, 2023, 2:33 p.m.
Weakness
Improper Null Termination (CWE-170)
Summary
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.
Last Update
June 27, 2023, 2:34 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
Last Update
June 27, 2023, 2:38 p.m.
Weakness
Untrusted Search Path (CWE-426)
Summary
An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.
Last Update
June 27, 2023, 2:34 p.m.
Weakness
Insufficient Information (NVD-CWE-noinfo)
Summary
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Last Update
June 27, 2023, 2:33 p.m.
Weakness
Use After Free (CWE-416)
Summary
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.

Impact

The vulnerabilities covered by this advisory have a broad range of impacts ranging from denial-of-service to disclosure or manipulation/deletion of information.

Given the intended purpose of FactoryViews as a didactic tool in controlled lab environments,
separate from productive systems, it never comes into contact with sensitive information. Therefore
the impact is reduced to limited availability of the system.

To further reduce the risk due to loss of information, users should make use of the built-in backup
feature to safeguard important configurations needed for lessons.

Solution

General recommendations

Festo Didactic offers products with security functions that aid the safe operation of plants, systems, machines and networks. In order to protect plants, systems, machines and networks from cyber threats, a comprehensive security concept must be implemented and continuously updated. Festo's products and services only constitute one part of such a concept.

The customer is responsible for preventing unauthorized access to their plants, systems, machines and networks. Systems, machines and components should only be connected to a company's network or the Internet if and as necessary, and only when the suitable security measures (e.g., firewalls and network segmentation, defense-in-depth) are in place. Failure to ensure adequate security measures when connecting the product to the network can result in vulnerabilities which allow unauthorized, remote access to the network – even beyond the product’s boundaries. This access could be abused to incur a loss of data or manipulate or sabotage systems. Typical forms of attack include but are not limited to: Denial-of-Service (rendering the system temporarily non- functional), remote execution of malicious code, privilege escalation (executing malicious code with higher system privileges than expected), ransomware (encryption of data and demanding payment for decryption). In the context of industrial systems and machines this can also lead to unsafe states, posing a danger to people and equipment.

Furthermore, Festo's guidelines on suitable security measures should be observed. Festo products and solutions are constantly being developed further in order to make them more secure. Festo strongly recommends that customers install product updates as soon as they become available and always use the latest versions of its products. Any use of product versions that are no longer supported or any failure to install the latest updates may render the customer vulnerable to cyberattacks.

Remediation

FactoryViews (non-Lite): Upgrade to FactoryViews 1.6.0. See the upgrade guide for information on how to upgrade.

FactoryViews Lite: An update for FactoryViews Lite is not yet available. This advisory will be updated when a patch is released.

Reported by

Festo SE & Co. KG thanks CERT@VDE for coordination and support with this publication