Felix Wilhelm

**Name of the Vulnerable Software and Affected Versions** Git versions prior to v2.48.1 Git versions prior to v2.47.2 Git versions prior to v2.46.3 Git versions prior to v2.45.3 Git versions prior to v2.44.3 Git versions prior to v2.43.6 Git versions prior to v2.42.4 Git versions prior to v2.41.3 Git versions prior to v2.40.4 **Description** The issue is related to the Git credential protocol, which is text-based and consists of key-value pairs. A mismatch in newline treatment between Git and the Git Credential Manager (GCM) allows an attacker to craft a malicious remote URL. This can lead to the capture of credentials for another Git remote. The attack is heightened when cloning from repositories with submodules using the --recursive clone option. **Recommendations** For versions prior to v2.48.1, upgrade to v2.48.1 or later. For versions prior to v2.47.2, upgrade to v2.47.2 or later. For versions prior to v2.46.3, upgrade to v2.46.3 or later. For versions prior to v2.45.3, upgrade to v2.45.3 or later. For versions prior to v2.44.3, upgrade to v2.44.3 or later. For versions prior to v2.43.6, upgrade to v2.43.6 or later. For versions prior to v2.42.4, upgrade to v2.42.4 or later. For versions prior to v2.41.3, upgrade to v2.41.3 or later. For versions prior to v2.40.4, upgrade to v2.40.4 or later. As a temporary workaround, consider avoiding cloning from untrusted URLs, especially recursive clones.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Xeon(R) Processors (affected versions not specified) **Description** The issue concerns incorrect default permissions in some memory controller configurations for Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions. This may allow a privileged user to potentially enable escalation of privilege via local access. The vulnerability is related to Intel Microcode and is associated with default permission settings. Exploitation of the vulnerability could allow an attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** crewjam/saml go library versions prior to 0.4.9 **Description** The issue concerns an authentication bypass when processing SAML responses containing multiple Assertion elements. This has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version. **Recommendations** For versions prior to 0.4.9, upgrade to version 0.4.9 to resolve the issue. As a temporary workaround, consider restricting the processing of SAML responses containing multiple Assertion elements until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apache Commons BCEL versions prior to 6.6.0 **Description** The issue is related to an out-of-bounds writing problem in Apache Commons BCEL, which can be exploited to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to the affected APIs, giving the attacker more control over the resulting bytecode than otherwise expected. **Recommendations** Update to Apache Commons BCEL 6.6.0 to resolve the issue. As a temporary workaround, consider restricting the use of APIs that allow changing specific class characteristics to minimize the risk of exploitation. Avoid passing attacker-controllable data to these APIs until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Passport-SAML versions prior to 3.2.2 node-saml versions prior to 4.0.0-beta.5 **Description** A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks might also be feasible if generation of a signed message can be triggered. **Recommendations** For Passport-SAML versions prior to 3.2.2, upgrade to version 3.2.2 or newer. For node-saml versions prior to 4.0.0-beta.5, upgrade to version 4.0.0-beta.5 or newer. As a temporary workaround, consider disabling SAML authentication until a patch is available.

**Name of the Vulnerable Software and Affected Versions** node-saml versions prior to 4.0.0-beta5 **Description** A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks might also be feasible if generation of a signed message can be triggered. **Recommendations** For versions prior to 4.0.0-beta5, upgrade to node-saml version 4.0.0-beta5 or newer. As a temporary workaround, consider disabling SAML authentication until a patch is available.

**Name of the Vulnerable Software and Affected Versions** .NET Core 3.1 versions 3.1.0 through 3.1.27 .NET 6.0 versions 6.0.0 through 6.0.7 **Description** An information disclosure issue exists due to incorrect restriction of XML external entity references, potentially allowing a remote attacker to access confidential information. This issue affects .NET Core 3.1 and .NET 6.0 applications. **Recommendations** For .NET Core 3.1 versions 3.1.0 through 3.1.27, update to Runtime 3.1.28. For .NET 6.0 versions 6.0.0 through 6.0.7, update to Runtime 6.0.8 or SDK 6.0.108.

**Name of the Vulnerable Software and Affected Versions** Dell BSAFE Crypto-C Micro Edition versions prior to 4.1.5 Dell BSAFE Micro Edition Suite versions prior to 4.5.2 **Description** The issue is related to improper input validation, which can allow a remote attacker to execute arbitrary code in the context of the current user. This is due to incorrect verification of cryptographic signatures. **Recommendations** For Dell BSAFE Crypto-C Micro Edition versions prior to 4.1.5, update to version 4.1.5 or later. For Dell BSAFE Micro Edition Suite versions prior to 4.5.2, update to version 4.5.2 or later.

**Name of the Vulnerable Software and Affected Versions** Apache Xalan Java XSLT library versions prior to 2.7.3 **Description** The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Note that Java runtimes, such as OpenJDK, include repackaged copies of Xalan. **Recommendations** To resolve the issue, update to version 2.7.3 or later. As a temporary workaround, consider restricting the processing of malicious XSLT stylesheets until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apache Tika versions prior to 1.28.2 Apache Tika versions prior to 2.4.0 **Description** The issue concerns the BPG parser in Apache Tika, which may allocate an excessive amount of memory when processing carefully crafted files. **Recommendations** For versions prior to 1.28.2, update to version 1.28.2 or later. For versions prior to 2.4.0, update to version 2.4.0 or later.

**Name of the Vulnerable Software and Affected Versions** cmark-gfm versions prior to 0.29.0.gfm.3 and 0.28.3.gfm.21 **Description** The issue is related to an integer overflow in cmark-gfm's table row parsing, which may lead to heap memory corruption when parsing tables with more than UINT16 MAX columns. This can result in Information Leak or Arbitrary Code Execution, depending on how and where cmark-gfm is used. If cmark-gfm is used for rendering remote user-controlled markdown, this may lead to Remote Code Execution (RCE) in applications employing affected versions of the cmark-gfm library. **Recommendations** To resolve the issue, update to version 0.29.0.gfm.3 or 0.28.3.gfm.21, or later. As a temporary workaround, consider disabling the table extension in cmark-gfm to prevent this vulnerability from being triggered.

**Name of the Vulnerable Software and Affected Versions** CommonMarker versions prior to 0.23.4 **Description** The issue is related to an integer overflow vulnerability in the CommonMarker library. This vulnerability can be exploited by remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution. The vulnerability occurs when parsing tables with marker rows that contain more than UINT16 MAX columns. **Recommendations** For CommonMarker versions prior to 0.23.4, update to version 0.23.4 to resolve the issue. As a temporary workaround, consider disabling the use of the table extension in `cmark-gfm` to prevent the vulnerability from being triggered.

**Name of the Vulnerable Software and Affected Versions** containerd versions prior to 1.6.1 containerd versions prior to 1.5.10 containerd versions prior to 1.4.12 **Description** A bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup, including a Kubernetes Pod Security Policy, and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. **Recommendations** Update to containerd version 1.6.1 to resolve the issue. Update to containerd version 1.5.10 to resolve the issue. Update to containerd version 1.4.12 to resolve the issue. As a temporary workaround, ensure that only trusted images are used.

**Name of the Vulnerable Software and Affected Versions** runc versions prior to 1.0.3 **Description** The issue is related to an integer overflow in the 16-bit length field for the byte array attribute type in the netlink serialization system used by runc. This allows an attacker with control over the container configuration to bypass namespace restrictions by adding a malicious netlink payload. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines, such as with shared cloud infrastructure. **Recommendations** For versions prior to 1.0.3, update to version 1.0.3 to fix the bug. As a temporary workaround, consider disallowing untrusted namespace paths from your container configuration to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.11.12 **Description** The issue is related to a use-after-free vulnerability in the arch/x86/kvm/svm/nested.c component of the Linux kernel, specifically affecting AMD KVM guests. This vulnerability can be exploited to bypass access control on host OS MSRs when there are nested guests, due to a TOCTOU race condition associated with a VMCB12 double fetch in nested svm vmrun. The vulnerability allows an attacker to execute code outside of the guest system, potentially leading to privilege escalation. **Recommendations** For Linux kernel versions prior to 5.11.12, update to version 5.11.12 or later to resolve the issue. As a temporary workaround, consider disabling the nested guest feature in AMD KVM until a patch is available. Restrict access to the vulnerable `arch/x86/kvm/svm/nested.c` component to minimize the risk of exploitation. Avoid using the `nested svm vmrun` function until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 88.0.4324.96 Mozilla Firefox versions prior to 84.0.2 Firefox ESR versions prior to 84.0.2 Firefox for Android versions prior to 84.0.2 Description: The issue is related to a use-after-free vulnerability in the WebRTC implementation, specifically in the COOKIE-ECHO extension. This vulnerability can be exploited by a remote attacker using a crafted SCTP packet, potentially leading to heap corruption or arbitrary code execution. The vulnerability is caused by accessing memory after it has been freed in the COOKIE-ECHO handler. Recommendations: For Google Chrome versions prior to 88.0.4324.96, update to version 88.0.4324.96 or later. For Mozilla Firefox versions prior to 84.0.2, update to version 84.0.2 or later. For Firefox ESR versions prior to 84.0.2, update to version 84.0.2 or later. For Firefox for Android versions prior to 84.0.2, update to version 84.0.2 or later. As a temporary workaround, consider disabling WebRTC until a patch is available. Restrict access to the COOKIE-ECHO extension to minimize the risk of exploitation. Avoid using the `COOKIE-ECHO` handler in the affected SCTP packet until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Git versions prior to 2.17.4 Git versions prior to 2.18.3 Git versions prior to 2.19.4 Git versions prior to 2.20.3 Git versions prior to 2.21.2 Git versions prior to 2.22.3 Git versions prior to 2.23.2 Git versions prior to 2.24.2 Git versions prior to 2.25.3 Git versions prior to 2.26.1 **Description** The issue arises from insufficient input validation in Git's "credential helper" component, allowing an attacker to trick Git into sending private credentials to a host controlled by the attacker. This can be achieved by crafting a specially formatted URL containing an encoded newline, which injects unintended values into the credential helper protocol stream. As a result, the credential helper may retrieve the password for one server and send it to another server, potentially leading to unauthorized access to protected information. The vulnerability can be triggered by feeding a malicious URL to `git clone`, and the likely vector would be through systems that automatically clone URLs not visible to the user, such as Git submodules or package systems built around Git. **Recommendations** For versions prior to 2.17.4, update to version 2.17.4 or later. For versions prior to 2.18.3, update to version 2.18.3 or later. For versions prior to 2.19.4, update to version 2.19.4 or later. For versions prior to 2.20.3, update to version 2.20.3 or later. For versions prior to 2.21.2, update to version 2.21.2 or later. For versions prior to 2.22.3, update to version 2.22.3 or later. For versions prior to 2.23.2, update to version 2.23.2 or later. For versions prior to 2.24.2, update to version 2.24.2 or later. For versions prior to 2.25.3, update to version 2.25.3 or later. For versions prior to 2.26.1, update to version 2.26.1 or later. As a temporary workaround, consider disabling the `credential.helper` function until a patch is available. Restrict access to the vulnerable `credential.helper` module to minimize the risk of exploitation. Avoid using the `credential.helper` protocol with suspicious URLs until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** HAProxy versions 1.8 through 2.1.4 **Description** The issue is related to the hpack dht insert function in the HPACK decoder, which can be exploited by a remote attacker via a crafted HTTP/2 request. This could lead to writing arbitrary bytes around a certain location on the heap, possibly causing remote code execution. The vulnerability may allow an attacker to gain unauthorized access to confidential data, cause a denial of service, or impact data integrity. **Recommendations** For HAProxy versions 1.8 through 2.1.4, update to version 2.1.4 or later to resolve the issue. As a temporary workaround, consider disabling HTTP/2 support until a patch is available. Restrict access to the hpack dht insert function in the HPACK decoder to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FreeTDS versions prior to 1.1.12 **Description** The issue is related to a buffer overflow in the FreeTDS library. This can potentially allow a remote attacker to cause a denial of service or execute arbitrary code. **Recommendations** For versions prior to 1.1.12, update to version 1.1.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 4.20.5 **Description** The issue is related to a Use-after-Free in the KVM implementation of the Linux kernel. This could potentially allow an attacker to cause a denial of service or execute arbitrary code. **Recommendations** For Linux kernel versions through 4.20.5, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.