CVE-2022-1586: An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This…

CVE-2017-18342 [CRITICAL] PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the CVEs: CVE-2017-18342, CVE-2017-8923, CVE-2017-9120, CVE-2019-1551, CVE-2019-16865, CVE-2019-16905, CVE-2019-19523, CVE-2019-19528, CVE-2019-19911, CVE-2020-0404, CVE-2020-0431, CVE-2020-0466, CVE-2020-10379, CVE-2020-11538, CVE-2020-11608, CVE-2020-12114, CVE-2020-12321, CVE-2020-12362, CVE-2020-12363, CVE-2020-12364, CVE-2020-13757, CVE-2020-14314, CVE-2020-14351, CVE-2020-15778, CVE-2020-1967, CVE-2020-24394, CVE-2020-24504, CVE-2020-25211, CVE-2020-25212, CVE-2020-25284, CVE-2020-25285, CVE-2020-25717, CVE-2020-26541, CVE-2020-2715

CVE-2022-1586 [CRITICAL] Oracle Oracle Communications Risk Matrix: Signaling (PCRE2) — CVE-2022-1586 Oracle Oracle Communications Risk Matrix: Signaling (PCRE2) vulnerability CVE: CVE-2022-1586 CVSS: 9.1 Protocol: TCP Remote exploit: Yes Affected versions: Network Advisory: cpuoct2022 (OCT 2022)

CVE-2022-1586 PCRE vulnerabilities Title: PCRE vulnerabilities Summary: PCRE could be made to expose sensitive information. It was discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to expose sensitive information. Instructions: After a standard system update you need to restart applications using PCRE, such as the Apache HTTP server and Nginx, to make all the necessary changes.

CVE-2022-1586 PCRE vulnerabilities Title: PCRE vulnerabilities Summary: PCRE could be made to expose sensitive information. USN-5627-1 fixed several vulnerabilities in PCRE. This update provides the corresponding fixes for Ubuntu 18.04 ESM. Original advisory details: It was discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to expose sensitive information. Instructions: After a standard system update you need to restart applications using PCRE, such as the Apache HTTP server and Nginx, to make all the necessary changes.

CVE-2022-1586 [CRITICAL] CWE-125 An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue i An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/V

CVE-2022-1586 [CRITICAL] CWE-125 pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. Package: pcre2 (Red Hat Enterprise Linux 7) - Not affected

CVE-2022-1586 [CRITICAL] CVE-2022-1586: pcre2 - An out-of-bounds read vulnerability was discovered in the PCRE2 library in the c... An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. Scope: local bookworm: resolved (fixed in 10.40-1) bullseye: resolved (fixed in 10.36-2+deb11u1) forky: resolved (fixed in 10.40-1) sid: resolved (fixed in 10.40-1) trixie: resolved (fixed in 10.40-1)

CVE-2021-1586 [HIGH] CWE-345 Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and Multi-Site TCP Denial of Service Vulnerability Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and Multi-Site TCP Denial of Service Vulnerability February 23, 2022 Update: After further investigation, Cisco determined that an additional fix was necessary to completely address this vulnerability. The initial fix allowed an attacker to cause high CPU utilization on an affected device, which could impact user traffic. See the Fixed Software section of this advisory for updated information about the fixed releases. A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to unexpectedly restart the device, resulting in a denial of service (DoS) condition. This vulnerability e

CVE-2021-1586 Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and Multi-Site TCP Denial of Service Vulnerability CVE-2021-1586: Cisco Nexus 9000 Series Fabric Switches ACI Mode Multi-Pod and Multi-Site TCP Denial of Service Vulnerability February 23, 2022 Update: After further investigation, Cisco determined that an additional fix was necessary to completely address this vulnerability. The initial fix allowed an attacker to cause high CPU utilization on an affected device, which could impact user traffic. See the Fixed Software section of this advisory for updated information about the fixed releases. A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to unexpectedly restart the device, resulting in a denial of service (DoS) condition. This vu

CVE-2022-1586 [CRITICAL] CWE-125 GHSA-f3pv-9fwh-mp3x: An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

CVE-2022-1586 [CRITICAL] CVE-2022-1586: An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.

[HIGH] Vulnerability Spotlight: Asus router access, information disclosure, denial of service vulnerabilities discovered ## Vulnerability Spotlight: Asus router access, information disclosure, denial of service vulnerabilities discovered Cisco Talos recently discovered three vulnerabilities in Asus router software. The Asus RT-AX82U router is one of the newer Wi-Fi 6 (802.11ax)-enabled routers that also supports mesh networking with other Asus routers. Like other routers, it is configurable via an HTTP server running on the local network. However, it can also be configured to support remote administration and monitoring in more of an IOT style. Talos has identified TALOS-2022-1586 (CVE-2022-35401), an authentication bypass vulnerability that can lead to full administrative privileges. An attacker would need to send a series of HTTP requests to exploit this vulnerability. TALOS-2022-1590 (CVE-2022-38105)

CVE-2022-35401 [HIGH] Vulnerability Spotlight: Asus router access, information disclosure, denial of service vulnerabilities discovered Cisco Talos recently discovered three vulnerabilities in Asus router software. The Asus RT-AX82U router is one of the newer Wi-Fi 6 (802.11ax)-enabled routers that also supports mesh networking with other Asus routers. Like other routers, it is configurable via an HTTP server running on the local network. However, it can also be configured to support remote administration and monitoring in more of an IOT style. Talos has identified TALOS-2022-1586 (CVE-2022-35401), an authentication bypass vulnerability that can lead to full administrative privileges. An attacker would need to send a series of HTTP requests to exploit this vulnerability. TALOS-2022-1590 (CVE-2022-38105) is an information disclosure vulnerability in the opcode of the router’s configuration service that can lead to a disc