CVE-2022-1587
Published: 2022-05-16
Severity: CRITICAL, CVSS 3.1 base score 9.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
Affected (11 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pcre2 | < pcre2 10.40-1 (bookworm) | pcre2 10.40-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | cm1_pcre2_10.34-2_on_cbl_mariner_1.0 | — | — |
| pcre | pcre2 | < 10.40 | 10.40 |
| pcre | pcre2 | — | — |
| pcre | pcre2 | >= 0 < 10.36-2+deb11u1 | 10.36-2+deb11u1 |
| pcre | pcre2 | >= 0 < 10.40-1 | 10.40-1 |
| pcre | pcre2 | >= 0 < 10.40-1 | 10.40-1 |
| pcre | pcre2 | >= 0 < 10.40-1 | 10.40-1 |
| redhat | enterprise_linux | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
| osv | — | 9.1 | CRITICAL | — |
Oracle
Oracle Analytics Risk Matrix: Analytics Server (PCRE2) — CVE-2022-1587
Source: vendor_oracle · 2023-04-15 · CVSS 9.1 [CRITICAL]
CVE: CVE-2022-1587
CVSS: 9.1
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2023 (APR 2023)
Oracle
Oracle Database Server Risk Matrix: Oracle Notification Server (PCRE2) — CVE-2022-1587
Source: vendor_oracle · 2022-10-15 · CVSS 6.5
CVE: CVE-2022-1587
CVSS: 6.5
Protocol: HTTP
Remote exploit: No
Affected versions: Network
Advisory: cpuoct2022 (OCT 2022)
Ubuntu
PCRE vulnerabilities
Source: vendor_ubuntu · 2022-09-22 · CVE label: CVE-2022-1586
Summary: PCRE could be made to expose sensitive information.
It was discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to expose sensitive information.
Instructions: After a standard system update you need to restart applications using PCRE, such as the Apache HTTP server and Nginx, to make all the necessary changes.
Ubuntu
PCRE vulnerabilities (Ubuntu 18.04 ESM)
Source: vendor_ubuntu · 2022-09-22 · CVE label: CVE-2022-1586
Summary: PCRE could be made to expose sensitive information.
USN-5627-1 fixed several vulnerabilities in PCRE. This update provides the corresponding fixes for Ubuntu 18.04 ESM.
Original advisory details:
It was discovered that PCRE incorrectly handled memory when handling certain regular expressions. An attacker could possibly use this issue to cause applications using PCRE to expose sensitive information.
Instructions: After a standard system update you need to restart applications using PCRE, such as the Apache HTTP server and Nginx, to make all the necessary changes.
Microsoft
CVE-2022-1587: out-of-bounds read in get_recurse_data_length() (pcre2_jit_compile.c)
Source: vendor_msrc · 2022-05-10 · CVSS 9.1 [CRITICAL] · CWE-125
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work, which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to addit
Red Hat
pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c
Source: vendor_redhat · 2022-03-26 · CVSS 9.1 [CRITICAL] · CWE-125
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
Package: pcre2 (Red Hat Enterprise Linux 7) - Not affected
Package: pcre2 (Red Hat Enterprise Linux 8) - Not affected
Debian
CVE-2022-1587: pcre2
Source: vendor_debian · 2022 · CVSS 9.1 [CRITICAL]
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
Scope: local
bookworm: resolved (fixed in 10.40-1)
bullseye: resolved (fixed in 10.36-2+deb11u1)
forky: resolved (fixed in 10.40-1)
sid: resolved (fixed in 10.40-1)
trixie: resolved (fixed in 10.40-1)
GHSA
GHSA-jmvm-hj36-w5hc: CVE-2022-1587
Source: ghsa_unreviewed · 2022-05-17 · [CRITICAL] · CWE-125
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
OSV
CVE-2022-1587
Source: osv · 2022-05-16 · CVSS 9.1 [CRITICAL]
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Data deserialization in VMware vCenter could lead to remote code execution
Source: blogs_talos · 2022-10-11 · CVSS 9.1 [CRITICAL]
Note: this Talos post concerns TALOS-2022-1587, which is CVE-2022-31680 (a VMware vCenter deserialization issue), not the PCRE2 bug CVE-2022-1587; it appears here only because the advisory numbers coincide.
Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability.
Cisco Talos recently discovered an exploitable data deserialization vulnerability in the VMware vCenter server platform.
VMware is one of the most popular virtual machine solutions currently available, and its vCenter software allows users to manage an entire environment of VMs. The vulnerability Talos discovered is a post-authentication Java deserialization issue that could corrupt the software in a way that could allow an attacker to execute arbitrary code on the target machine.
TALOS-2022-1587 (CVE-2022-31680) is triggered if an adversary sends a specially crafted HTTP request to a targeted machine. The attacker would first have to log in with legitimate credentials to vCenter to be successful.
Cisco Talos worked wi
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2077983
- https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
- https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/
- https://security.netapp.com/advisory/ntap-20221028-0009/