CVE-2022-1252
Published 2022-04-11
Priority P3 46 · critical · 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.54% (41.2th percentile)
Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. gnuboard v5.5.5 and below uses weak encryption algorithms, leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off, or to send emails to any email address with full control of their contents.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gnuboard | gnuboard_gnuboard5 | unspecified – 5.5.5 | — |
| sir | gnuboard | <= 5.5.5 | — |
CVSS provenance
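| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| vendor_redhat | — | 7.1 | HIGH | — |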
GHSA
GHSA-5f4g-m368-xv75: Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard/gnuboard5 prior to and including 5
ghsa_unreviewed·2022-04-12
CVE-2022-1252 [HIGH] CWE-326 GHSA-5f4g-m368-xv75: Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard/gnuboard5 prior to and including 5
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off.
Red Hat
kernel: capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
vendor_redhat·2025-05-01·CVSS 7.1
CVE-2022-49870 [HIGH] CWE-125 kernel: capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
In the Linux kernel, the following vulnerability has been resolved:
capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
Shifting signed 32-bit value by 31 bits is undefined, so changing
significant bit to unsigned. The UBSAN warning calltrace like below:
UBSAN: shift-out-of-bounds in security/commoncap.c:1252:2
left shift of 1 by 31 places cannot be represented in type 'int'
Call Trace:
dump_stack_lvl+0x7d/0xa5
dump_stack+0x15/0x1b
ubsan_epilogue+0xe/0x4e
__ubsan_handle_shift_out_of_bounds+0x1e7/0x20c
cap_task_prctl+0x561/0x6f0
security_task_prctl+0x5a/0xb0
__x64_sys_prctl+0x61/0x8f0
do_syscall_64+0x58/0x80
entry_SYSCALL_64_after_hwframe+0x63/0xcd
Package: kernel (Red Hat Enterprise Linux 10) - Not
No detection rules found.
No public exploits indexed.