CVE-2022-1077
Published 2022-03-29
Priority P3 · 44 · high · 7.5 CVSS 3.1
AV:N · AC:L · PR:N · UI:N · S:U · C:H · I:N · A:N
EPSS 2.47% · 82.5th percentile
A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability affects the file log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tem | flex-1080 | — | — |
| tem | flex-1080_firmware | — | — |
| tem | flex-1085 | — | — |
| tem | flex-1085_firmware | — | — |
CVSS provenance
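| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 5.5 | MEDIUM | — |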
GHSA
GHSA-jpjh-85f7-386r: A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1
ghsa_unreviewed·2022-03-30
CVE-2022-1077 [HIGH] CWE-200 GHSA-jpjh-85f7-386r: A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1
A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability affects the file log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication.
Red Hat
sox: floating point exception in src/aiff.c
vendor_redhat·2023-05-05·CVSS 5.5
CVE-2023-26590 [MEDIUM] CWE-1077 sox: floating point exception in src/aiff.c
A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.
Statement: This flaw was found to be a duplicate of CVE-2022-31650. Please see https://access.redhat.com/security/cve/CVE-2022-31650 for information about affected products and security errata.
Package: sox (Red Hat Enterprise Linux 6) - Out of support scope
Package: sox (Red Hat Enterprise Linux 7) - Out of support scope
Package: sox (Red Hat Enterprise Linux AI (RHEL AI)) - Affected
Red Hat
sox: a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a
vendor_redhat·2022-04-14·CVSS 5.5
CVE-2022-31650 [MEDIUM] CWE-1077 sox: a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a
In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
A heap-based buffer overflow vulnerability exists in a reachable assertion in the rate_init of the Sound Exchange sox library. A specially-crafted file can lead to a floating-point exception. This flaw allows an attacker to provide a malicious file to trigger this vulnerability.
Package: sox (Red Hat Enterprise Linux 6) - Out of support scope
Package: sox (Red Hat Enterprise Linux 7) - Out of support scope
Package: sox (Red Hat Enterprise Linux AI (RHEL AI)) - Not affected
Red Hat
sox: an assertion failure in rate_init in rate.c in libsox.a
vendor_redhat·2022-04-14·CVSS 5.5
CVE-2022-31651 [MEDIUM] CWE-1077 sox: an assertion failure in rate_init in rate.c in libsox.a
In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.
A heap-based buffer overflow vulnerability exists in the inlsx_aiffstartwrite.environment of the Sound Exchange sox library. A specially-crafted file can lead to a floating-point exception. This flaw allows an attacker to provide a malicious file to trigger this vulnerability.
Package: sox (Red Hat Enterprise Linux 6) - Out of support scope
Package: sox (Red Hat Enterprise Linux 7) - Out of support scope
Package: sox (Red Hat Enterprise Linux AI (RHEL AI)) - Not affected
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.