SB2024052921 - Multiple vulnerabilities in IBM Db2 on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data
Published: May 29, 2024 Updated: February 11, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 88 secuirty vulnerabilities.
1) Deserialization of Untrusted Data (CVE-ID: CVE-2020-24750)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. A remote attacker can execute arbitrary code on the target system.
2) Deserialization of Untrusted Data (CVE-ID: CVE-2020-36182)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Deserialization of Untrusted Data (CVE-ID: CVE-2020-36181)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Deserialization of Untrusted Data (CVE-ID: CVE-2020-36180)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Deserialization of Untrusted Data (CVE-ID: CVE-2020-36179)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Deserialization of Untrusted Data (CVE-ID: CVE-2020-35728)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl). A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Deserialization of Untrusted Data (CVE-ID: CVE-2020-11620)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to the affected software mishandles the interaction between serialization gadgets and typing, related to "org.apache.commons.jelly.impl.Embedded" (aka commons-jelly). A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Deserialization of Untrusted Data (CVE-ID: CVE-2020-14060)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Deserialization of Untrusted Data (CVE-ID: CVE-2021-20190)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Deserialization of Untrusted Data (CVE-ID: CVE-2020-14061)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Deserialization of Untrusted Data (CVE-ID: CVE-2020-36184)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Deserialization of Untrusted Data (CVE-ID: CVE-2020-14195)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Deserialization of Untrusted Data (CVE-ID: CVE-2020-14062)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
14) Deserialization of Untrusted Data (CVE-ID: CVE-2020-35491)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
15) Deserialization of Untrusted Data (CVE-ID: CVE-2020-10672)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
16) Deserialization of Untrusted Data (CVE-ID: CVE-2020-10969)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data between serialization gadgets and typing, related to javax.swing.JEditorPane. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
17) Deserialization of Untrusted Data (CVE-ID: CVE-2020-10673)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
18) Deserialization of Untrusted Data (CVE-ID: CVE-2020-11113)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
19) Deserialization of Untrusted Data (CVE-ID: CVE-2020-11112)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
20) Deserialization of Untrusted Data (CVE-ID: CVE-2020-11111)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data between serialization gadgets and typing, related to org.apache.activemq.*. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
21) Deserialization of Untrusted Data (CVE-ID: CVE-2020-36183)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
22) Deserialization of Untrusted Data (CVE-ID: CVE-2020-36185)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
23) Code Injection (CVE-ID: CVE-2020-8840)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to absence of xbean-reflect/JNDI gadget blocking. A remote attacker can pass specially crafted input to the application and execute arbitrary Java code on the system, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
24) Input validation error (CVE-ID: CVE-2012-2677)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected.
25) Code Injection (CVE-ID: CVE-2022-36364)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in JDBC driver, which creates HTTP client instances based on class names provided via "httpclient_impl" connection property. The driver does not verify if the class implements the expected interface before instantiating it. A remote user with ability to control JDBC connection parameters can inject arbitrary class name and execute code on the system.
26) Uncontrolled memory allocation (CVE-ID: CVE-2018-10237)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to unbounded memory allocation. A remote attacker can cause the service to crash and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
27) SQL injection (CVE-ID: CVE-2024-1597)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data when using the "PreferQueryMode=SIMPLE" option. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
28) Resource exhaustion (CVE-ID: CVE-2024-22360)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.
29) Input validation error (CVE-ID: CVE-2023-52296)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
30) Resource exhaustion (CVE-ID: CVE-2024-27254)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.
31) Input validation error (CVE-ID: CVE-2024-25046)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
32) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2024-25030)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into log files. A local user can read the log files and gain access to sensitive data.
33) Information disclosure (CVE-ID: CVE-2023-38729)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote user can gain unauthorized access to sensitive information on the system.
34) Deserialization of Untrusted Data (CVE-ID: CVE-2020-36186)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
35) Out-of-bounds write (CVE-ID: CVE-2020-36518)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger out-of-bounds write and cause a denial of service condition on the target system.
36) XML External Entity injection (CVE-ID: CVE-2020-25649)
The vulnerability allows a remote attacker to modify information on the system.
The vulnerability exists due to insufficient validation of user-supplied XML input. A remote attacker can pass a specially crafted XML code to the affected application and modify information on the system.
37) Deserialization of Untrusted Data (CVE-ID: CVE-2020-36187)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
38) Deserialization of Untrusted Data (CVE-ID: CVE-2020-35490)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
39) Code Injection (CVE-ID: CVE-2020-24616)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
40) Deserialization of Untrusted Data (CVE-ID: CVE-2020-10650)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data when handling interactions related to the class ignite-jta. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
41) Deserialization of Untrusted Data (CVE-ID: CVE-2020-36189)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
42) Deserialization of Untrusted Data (CVE-ID: CVE-2020-36188)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
43) Deserialization of Untrusted Data (CVE-ID: CVE-2020-11619)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to affected software mishandles the interaction between serialization gadgets and typing, related to "org.springframework.aop.config.MethodLocatingFactoryBean" (aka spring-aop). A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
44) Deserialization of Untrusted Data (CVE-ID: CVE-2020-10968)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
45) Deserialization of Untrusted Data (CVE-ID: CVE-2020-9548)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data between serialization gadgets and typing. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note: This vulnerability is related to:
- br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core)
46) Memory leak (CVE-ID: CVE-2024-0690)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due memory leak caused by a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. A local user can gain access to potentially sensitive information.
47) Security restrictions bypass (CVE-ID: CVE-2018-1313)
The vulnerability allows a remote unauthenticated attacker to bypass security restrictions to the target system.The weakness exists in the Network Server component due to improper security restrictions. If the Derby Network Server is started without specifying a security manager, the Derby Network Server will install a default Java security manager that enforces a basic policy. A remote attacker can send a specially crafted packet and cause the system to boot a database for which the location and contents of the database are under the attacker's control.
48) LDAP injection (CVE-ID: CVE-2022-46337)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to improper input validation when processing DLAP queries. A remote non-authenticated attacker can send a specially crafted LDAP query to the application, bypass authentication process and gain unauthorized access to the application.
49) Improper access control (CVE-ID: CVE-2024-23944)
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in persistent watchers. A remote user can bypass implemented security restrictions and obtain user names or login identifiers.
50) Cross-site scripting (CVE-ID: CVE-2024-22195)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the xmlattr filter. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
51) Input validation error (CVE-ID: CVE-2023-44270)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to insufficient validation of external CSS files when parsing the "\r" character. A remote attacker can pass specially crafted input to the application and perform spoofing attack.
52) Untrusted search path (CVE-ID: CVE-2024-22190)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incomplete fix for #VU80473 (CVE-2023-40590). A local user can place a malicious binary (e.g. git.exe or bash.exe) into a specific location on the system and execute arbitrary code with escalated privileges.
53) Input validation error (CVE-ID: CVE-2020-13956)
The vulnerability allows a remote attacker to compromise the affected application.
The vulnerability exists due to insufficient validation of user-supplied input in Apache HttpClient. A remote attacker can pass request URIs to the library as java.net.URI object and force the application to pick the wrong target host for request execution.
54) Stack-based buffer overflow (CVE-ID: CVE-2023-51074)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary error in the Criteria.parse() method. A remote unauthenticated attacker can trigger stack-based buffer overflow and perform a denial of service attack.
55) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2021-21295)
The vulnerability allows a remote attacker to preform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests in io.netty:netty-codec-http2 when converting HTTP/2 to HTTP/1 streams. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
56) Integer overflow (CVE-ID: CVE-2023-36478)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in MetaDataBuilder.checkSize when handling HTTP/2 HPACK header values. A remote attacker can send specially crafted request to the server, trigger an integer overflow and crash the server.
57) Authorization bypass through user-controlled key (CVE-ID: CVE-2023-44981)
The vulnerability allows a remote attacker to bypass authorization process.
The vulnerability exists due to improper implementation of SASL Quorum Peer authentication. The instance part in SASL authentication ID, which is listed in zoo.cfg server
list, is optional and if it's missing,
the authorization check will be skipped. As a
result an arbitrary endpoint could join the cluster and begin
propagating counterfeit changes to the leader, essentially giving it
complete read-write access to the data tree.
58) Improper input validation (CVE-ID: CVE-2021-31684)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within indexOf() function of JSONParserByteArray. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
59) Cross-site scripting (CVE-ID: CVE-2020-23064)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in jQuery 2. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
60) Cross-site scripting (CVE-ID: CVE-2020-11023)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when passing <option> elements to jQuery’s DOM manipulation methods. A remote attacker can execute arbitrary JavaScript code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
61) Cross-site scripting (CVE-ID: CVE-2020-11022)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the regex operation in "jQuery.htmlPrefilter". A remote attacker can pass specially crafted data to the application that uses .html()</code>, <code>.append() or similar methods for it and execute arbitrary JavaScript code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
62) Prototype pollution (CVE-ID: CVE-2019-11358)
The vulnerability allows a remote attacker to execute arbitrary JavaScript code.
The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.
63) Path traversal (CVE-ID: CVE-2023-49569)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can overwrite arbitrary files on the system. Applications are only affected if they are using the ChrootOS, which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone).
64) Resource exhaustion (CVE-ID: CVE-2023-49568)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling responses from a Git server. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
65) XXE attack (CVE-ID: CVE-2015-1832)
The vulnerability allows a remote user to conduct XXE attack.The weakness exists due to XML external entity error. Via vectors involving XmlVTI and the XML datatype context-dependent attackers can view arbitrary files that may lead to denial of service.
Successful exploitation of the vulnerability can result in potentially sensitive information disclosure and denial of service on the vulnerable system.
66) Improper Authorization (CVE-ID: CVE-2023-41900)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an error in the revocation process. If a Jetty OpenIdAuthenticator uses the optional nested LoginService, and that LoginService decides to revoke an already authenticated user, then the current request will still treat the user as authenticated.
67) Input validation error (CVE-ID: CVE-2019-16942)
The vulnerability allows a remote attacker to compromise the affected application.
The vulnerability exists due to a Polymorphic Typing issue when processing JSON requests within the org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSourc components. A remote attacker can send specially crafted JSON data to an RMI service endpoint and execute arbitrary code on he system.
Successful exploitation of the vulnerability requires that Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to send requests to.
68) Security features bypass (CVE-ID: CVE-2024-21626)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an internal file descriptor leak that can cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace or a malicious image to allow a container process to gain access to the host filesystem through runc run. A remote attacker can trick the victim into loading a malicious image to bypass sandbox restrictions and execute arbitrary code on the host OS.
69) Deserialization of Untrusted Data (CVE-ID: CVE-2020-9547)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data between serialization gadgets and typing. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note: This vulnerability is related to:
- com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap)
70) Improper access control (CVE-ID: CVE-2019-20330)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions related to net.sf.ehcache in FasterXML jackson-databind. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.
71) Input validation error (CVE-ID: CVE-2019-17531)
The vulnerability allows a remote attacker to compromise the affected software.
The vulnerability exists due to a Polymorphic Typing in jackson-databind when processing JSON requests. A remote attacker can send specially crafted JSON data to JNDI service and execute a malicious payload.
Successful exploitation of the vulnerability requires that Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath.
72) Input validation error (CVE-ID: CVE-2019-16943)
The vulnerability allows a remote attacker to compromise the affected application.
The vulnerability exists due to a Polymorphic Typing issue when processing JSON requests within the com.p6spy.engine.spy.P6DataSource component. A remote attacker can send specially crafted JSON data to an RMI service endpoint and execute arbitrary code on he system.
Successful exploitation of the vulnerability requires that Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to send requests to.
73) Deserialization of Untrusted Data (CVE-ID: CVE-2020-9546)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data between serialization gadgets and typing. A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note: This vulnerability is related to:
- org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)
74) Resource exhaustion (CVE-ID: CVE-2023-34462)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources if no idle timeout handler was configured. A remote attacker can send a client hello packet, which leads the server to buffer up to 16MB of data per connection and results in a denial of service condition.
75) Cross-site request forgery (CVE-ID: CVE-2023-45857)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
76) Overly permissive cross-domain whitelist (CVE-ID: CVE-2022-1996)
The vulnerability allows a remote attacker to bypass the CORS protection mechanism.
The vulnerability exists due to incorrect processing of the "Origin" HTTP header that is supplied within HTTP request. A remote attacker can supply arbitrary value via the "Origin" HTTP header, bypass implemented CORS protection mechanism and perform cross-site scripting attacks against the vulnerable application.
77) Input validation error (CVE-ID: CVE-2024-24549)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when handling HTTP/2 requests. A remote attacker can send specially crafted HTTP/2 requests to the server and perform a denial of service (DoS) attack.
78) NULL pointer dereference (CVE-ID: CVE-2024-26130)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
79) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2023-40167)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests when handling the "+" character passed via the HTTP/1 header field. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
80) NULL pointer dereference (CVE-ID: CVE-2023-49083)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when calling the load_pem_pkcs7_certificates() or load_der_pkcs7_certificates() functions. A remote attacker can pass specially crafted PKCS7 blob/certificate certificate to the application and perform a denial of service (DoS) attack.
81) Observable discrepancy (CVE-ID: CVE-2023-50782)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
82) Buffer Over-read (CVE-ID: CVE-2019-19203)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the "gb18030_mbc_enc_len" function in "gb18030.c" file due to the UChar pointer is dereferenced without checking if it passed the end of the matched string. A remote attacker can cause a denial of service condition on the target system.
83) Integer overflow (CVE-ID: CVE-2019-19012)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to integer overflow in the "search_in_range" function in "regexec.c". A remote attacker can use a specially crafted regular expression, trigger out-of-bounds read and cause a denial-of-service or information disclosure on the target system.
84) Use-after-free (CVE-ID: CVE-2019-13224)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the onig_new_deluxe() function in regext.c in Oniguruma library when processing regular expressions. A remote attacker can pass specially crafted input to the application using the vulnerable library version, trigger use-after-free error and perform denial of service attack or execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
85) Buffer Over-read (CVE-ID: CVE-2019-19204)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the "fetch_interval_quantifier" function (formerly known as fetch_range_quantifier) in "regparse.c" file due to the PFETCH is called without checking PEND. A remote attacker can cause a denial of service condition on the target system.86) Resource exhaustion (CVE-ID: CVE-2019-16163)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
87) Security features bypass (CVE-ID: CVE-2023-261257)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A local user with access to the kubernetes pod can make system calls compromising the security of containers.
88) Input validation error (CVE-ID: CVE-2023-36479)
The vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input in org.eclipse.jetty.servlets.CGI Servlet when quoting a command before its execution. A remote user can force the application to execute arbitrary file on the server and potentially compromise the system.
Remediation
Install update from vendor's website.