ALT Vulnerability
This commit is contained in:
parent
a294c4088d
commit
5d06ae0f10
@ -40,7 +40,7 @@
|
||||
"Source": "CVE"
|
||||
}
|
||||
],
|
||||
"Description": "This update upgrades tor to version 0.4.7.8-alt1. \nSecurity Fix(es):\n\n * BDU:2023-02936: Уязвимость анонимного веб-браузера Tor, связанная с некорректной зачисткой или освобождением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2021-3838: description unavailable\n\n * CVE-2022-33903: Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.",
|
||||
"Description": "This update upgrades tor to version 0.4.7.8-alt1. \nSecurity Fix(es):\n\n * BDU:2023-02936: Уязвимость анонимного веб-браузера Tor, связанная с некорректной зачисткой или освобождением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2021-3838: DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when DOMPdf is used with frameworks with documented POP chains like Laravel or vulnerable developer code.\n\n * CVE-2022-33903: Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.",
|
||||
"Advisory": {
|
||||
"From": "errata.altlinux.org",
|
||||
"Severity": "High",
|
||||
@ -63,6 +63,13 @@
|
||||
}
|
||||
],
|
||||
"CVEs": [
|
||||
{
|
||||
"ID": "CVE-2021-3838",
|
||||
"CWE": "CWE-502",
|
||||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3838",
|
||||
"Impact": "None",
|
||||
"Public": "20241115"
|
||||
},
|
||||
{
|
||||
"ID": "CVE-2022-33903",
|
||||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||||
|
||||
@ -45,7 +45,7 @@
|
||||
"Source": "CVE"
|
||||
}
|
||||
],
|
||||
"Description": "This update upgrades tor to version 0.4.7.8-alt1. \nSecurity Fix(es):\n\n * BDU:2023-02936: Уязвимость анонимного веб-браузера Tor, связанная с некорректной зачисткой или освобождением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2021-3838: description unavailable\n\n * CVE-2022-33903: Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.",
|
||||
"Description": "This update upgrades tor to version 0.4.7.8-alt1. \nSecurity Fix(es):\n\n * BDU:2023-02936: Уязвимость анонимного веб-браузера Tor, связанная с некорректной зачисткой или освобождением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2021-3838: DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when DOMPdf is used with frameworks with documented POP chains like Laravel or vulnerable developer code.\n\n * CVE-2022-33903: Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.",
|
||||
"Advisory": {
|
||||
"From": "errata.altlinux.org",
|
||||
"Severity": "High",
|
||||
@ -68,6 +68,13 @@
|
||||
}
|
||||
],
|
||||
"CVEs": [
|
||||
{
|
||||
"ID": "CVE-2021-3838",
|
||||
"CWE": "CWE-502",
|
||||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-3838",
|
||||
"Impact": "None",
|
||||
"Public": "20241115"
|
||||
},
|
||||
{
|
||||
"ID": "CVE-2022-33903",
|
||||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user