SB2024100336 - Multiple vulnerabilities in Migration Toolkit for Containers 1.8
Published: October 3, 2024 Updated: August 29, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 66 secuirty vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2023-45288)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single HTTP/2 stream. A remote attacker can send specially crafted HTTP/2 requests to the server and perform a denial of service (DoS) attack.2) Path traversal (CVE-ID: CVE-2024-29180)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
3) Open redirect (CVE-ID: CVE-2024-29041)
The vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data in malformed URLs. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
4) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-39338)
The disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
5) Information disclosure (CVE-ID: CVE-2023-45289)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to insecure forwarding of headers and cookies to a third-party domains in net/http and net/http/cookiejar. A remote attacker can trick the application into sharing sensitive information with an attacker-controlled website.
6) Resource exhaustion (CVE-ID: CVE-2024-28180)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when decompressing JWE with Decrypt or DecryptMulti. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
7) Information disclosure (CVE-ID: CVE-2024-28849)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to credentials are shared via headers when following cross-domain redirects. A remote attacker can gain access to sensitive information.
8) Incorrect Resource Transfer Between Spheres (CVE-ID: CVE-2024-29018)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application within external DNS requests from "internal" networks. A remote attacker can gain unauthorized access to sensitive information on the system.
9) Improper validation of integrity check value (CVE-ID: CVE-2024-3727)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper validation of integrity check. A remote attacker can trick the victim into providing authenticated registry accesses, causing resource exhaustion, local path traversal, and other attacks.
10) Infinite loop (CVE-ID: CVE-2024-24788)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when processing DNS responses. A remote attacker can send a specially crafted DNS response to the application and cause denial of service conditions.
11) Uncontrolled Memory Allocation (CVE-ID: CVE-2024-4068)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to NPM package `braces` fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. A remote attacker can send "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.
12) Resource exhaustion (CVE-ID: CVE-2024-28863)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources while parsing a tar file. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
13) Input validation error (CVE-ID: CVE-2019-25211)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect handling of the wildcard character in the URL within parseWildcardRules, which can lead to security restrictions bypass.
14) Heap-based buffer overflow (CVE-ID: CVE-2018-15209)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c. A remote unauthenticated attacker can trick the victim into opening a specially crafted crafted TIFF file, trigger memory corruption and cause the affected software to crash, resulting in a DoS condition.
15) Out-of-bounds read (CVE-ID: CVE-2020-28241)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in dump_entry_data_list in maxminddb.c. A remote attacker can perform a denial of service attack.
16) Integer overflow (CVE-ID: CVE-2021-43618)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in mpz/inp_raw.c. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.
17) Integer overflow (CVE-ID: CVE-2022-48468)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within parse_required_member() function. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
18) Heap-based buffer overflow (CVE-ID: CVE-2022-48622)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the ani_load_chunk() function in io-ani.c. A remote attacker can trick the victim to open a specially crafted .ani file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
19) OS Command Injection (CVE-ID: CVE-2022-48624)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation within the close_altfile() function in filename.c. A remote attacker can trick the victim into using a specially crafted argument for the less command and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
20) NULL pointer dereference (CVE-ID: CVE-2023-2953)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ber_memalloc_x() function. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.
21) Resource management error (CVE-ID: CVE-2023-3446)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the DH_check(), DH_check_ex() and EVP_PKEY_param_check() function when processing a DH key or DH parameters. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
22) Resource management error (CVE-ID: CVE-2023-3817)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when checking the long DH keys. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
23) Out-of-bounds write (CVE-ID: CVE-2023-4016)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
24) Resource management error (CVE-ID: CVE-2023-5678)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within DH_generate_key() and DH_check_pub_key() functions. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
25) OS Command Injection (CVE-ID: CVE-2023-6004)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in OpenSSH client. If an invalid user or hostname that contained shell metacharacters was passed to ssh(1), and a ProxyCommand, LocalCommand directive or "match exec" predicate referenced the user or hostname via %u, %h or similar expansion token, then an attacker who could supply arbitrary user/hostnames to ssh(1) could potentially perform command injection depending on what quoting was present in the user-supplied ssh_config(5) directive.
26) Heap-based buffer overflow (CVE-ID: CVE-2023-6228)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the cpStripToTile() function in libtiff/tools/tiffcp.c. A remote attacker can pass a specially crafted TIFF image to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
27) UNIX symbolic link following (CVE-ID: CVE-2023-6597)
The vulnerability allows a local user to delete arbitrary files on the system.
The vulnerability exists due to a symlink following issue during cleanup when handling temporary files. A local user can create a specially crafted symbolic link to a critical file on the system and delete it.
28) Unchecked Return Value (CVE-ID: CVE-2023-6918)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to libssh does not check for returned values of message digest (MD) operations in low memory conditions. A remote attacker can terminate the connection or force the library to use weak keys.
29) Out-of-bounds read (CVE-ID: CVE-2023-7104)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the sessionReadRecord() function in ext/session/sqlite3session.c when processing a corrupt changeset. A remote user can send a specially crafted request to trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.
30) Input validation error (CVE-ID: CVE-2023-25193)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in hb-ot-layout-gsubgpos.hh. A remote attacker can use consecutive marks during the process of looking back for base glyphs when attaching marks and perform a denial of service (DoS) attack.
31) Buffer overflow (CVE-ID: CVE-2023-25433)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing TIFF images within the rotateImage() function in /libtiff/tools/tiffcrop.c. A remote attacker can pass a specially crafted image to the application, trigger memory corruption and perform a denial of service (DoS) attack.
32) Out-of-bounds read (CVE-ID: CVE-2023-43785)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the _XkbReadKeySyms() function. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
33) Infinite loop (CVE-ID: CVE-2023-43786)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the PutSubImage() function. A local user can consume all available system resources and cause denial of service conditions.
34) Integer overflow (CVE-ID: CVE-2023-43787)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the XCreateImage() function. A local user can trigger integer overflow and execute arbitrary code with elevated privileges.
35) Out-of-bounds read (CVE-ID: CVE-2023-43788)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
36) Out-of-bounds read (CVE-ID: CVE-2023-43789)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
37) Resource exhaustion (CVE-ID: CVE-2023-45290)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in net/http due to application does not properly control consumption of internal resources when parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile). A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
38) Out-of-bounds write (CVE-ID: CVE-2023-52356)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the TIFFReadRGBATileExt() API. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.
39) Resource exhaustion (CVE-ID: CVE-2024-0450)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the zipfile module does not properly control consumption of internal resources when extracting files from a zip archive. A remote attacker can pass a specially crafted archive aka zip-bomb to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.
40) Resource management error (CVE-ID: CVE-2024-1737)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling a very large number of RRs. Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.
41) Resource exhaustion (CVE-ID: CVE-2024-1975)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.
42) Missing Release of Resource after Effective Lifetime (CVE-ID: CVE-2024-2398)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when sending HTTP/2 server push responses with an overly large number of headers. A remote attacker can send PUSH_PROMISE frames with an excessive amount of headers to the application, trigger memory leak and perform a denial of service (DoS) attack.
43) Resource exhaustion (CVE-ID: CVE-2024-3651)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the idna.encode() function. A remote attacker can pass an overly long domain name to the application and perform a denial of service (DoS) attack.
44) Code Injection (CVE-ID: CVE-2024-6345)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when processing URL in the package_index module of pypa/setuptools. A remote attacker can send a specially crafted request and execute arbitrary code on the target system via download functions.
45) Error Handling (CVE-ID: CVE-2024-24783)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in crypto/x509 due to improper validation of a certificate chain that contains an unknown public key. A remote attacker can pass a specially crafted certificate to the application and perform a denial of service attack.
46) Use-after-free (CVE-ID: CVE-2024-25062)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in xmlValidatePopElement when using the XML Reader interface with DTD validation and XInclude expansion enabled. A remote attacker can pass a specially crafted XML document to the application, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
47) Input validation error (CVE-ID: CVE-2024-28182)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to reading the unbounded number of HTTP/2 CONTINUATION frames. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
48) Cryptographic issues (CVE-ID: CVE-2024-28834)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to a side-channel attack when using the gnutls_privkey_sign_data2 API function with the "GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE" flag. A remote attacker can launch Minerva attack and gain access to sensitive information.
49) Arbitrary file upload (CVE-ID: CVE-2024-32002)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file during file upload. A remote attacker can upload a malicious file and execute it on the server.
50) Code Injection (CVE-ID: CVE-2024-32004)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a process control issue while cloning special-crafted local repositories. A remote attacker can execute arbitrary code on the target system.
51) UNIX Hard Link (CVE-ID: CVE-2024-32020)
The vulnerability allows a remote attacker to compromise the original repository.
The vulnerability exists due to insecure hardlink following when working with local clones. Local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user.
52) UNIX symbolic link following (CVE-ID: CVE-2024-32021)
The vulnerability allows a remote attacker to compromise the original repository.
The vulnerability exists due to insecure symlink following issue. When cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the objects/ directory.
53) Code injection (CVE-ID: CVE-2024-32465)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when working with zip files or tarballs during cloning. A remote attacker can and execute arbitrary code on the target system.
54) OS Command Injection (CVE-ID: CVE-2024-32487)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when handling newline characters in the filename in filename.c. A remote attacker can trick the victim to pass a specially crafted filename to the affected command and execute arbitrary OS commands on the system.
55) Stack-based buffer overflow (CVE-ID: CVE-2024-33599)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in nscd binary. A remote unauthenticated attacker can exhaust the nscd fixed size cache to trigger a stack-based buffer overflow and execute arbitrary code on the target system.
56) NULL pointer dereference (CVE-ID: CVE-2024-33600)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when nscd cache fails to add a not-found netgroup response to the cache. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
57) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2024-33601)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The
vulnerability exists due to the Name Service Cache Daemon (nscd) can terminate the service during its startup. A local use can perform a denial of service (DoS) attack.
58) Buffer overflow (CVE-ID: CVE-2024-33602)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to netgroup cache assumes NSS callback is using in-buffer strings in nscd binary. A remote attacker can trigger memory corruption and perform a denial of service (DoS) attack.
59) Insecure DLL loading (CVE-ID: CVE-2024-33871)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to the "Driver" parameter for the "opvp"/"oprp" device specifies the name of a dynamic library and allows any library to be loaded. A remote attacker can pass a specially crafted document to the application and execute arbitrary library on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
60) Cross-site scripting (CVE-ID: CVE-2024-34064)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the "xmlattr" filter. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
61) UNIX symbolic link following (CVE-ID: CVE-2024-35235)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue. A local user can create a specially crafted symbolic link to a critical file on the system and make it world-writable.
Successful exploitation of this vulnerability may result in privilege escalation.
62) Input validation error (CVE-ID: CVE-2024-37370)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.
63) Out-of-bounds read (CVE-ID: CVE-2024-37371)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling GSS message token. A remote attacker can send specially crafted token to the application, trigger an out-of-bounds read error and read contents of memory on the system.
64) Information disclosure (CVE-ID: CVE-2024-37891)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to Prox-Authorization header is not stripped during cross-origin redirects when using urllib3's proxy support with ProxyManager. A remote attacker can gain obtain proxy credentials used by the library.
65) Input validation error (CVE-ID: CVE-2024-38428)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper input validation of URL when parsing strings with semicolons within the scheme_leading_string() function in url.c. A remote attacker can pass a specially crafted URL to the application and influence its behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
66) Use of Potentially Dangerous Function (CVE-ID: CVE-2024-39331)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to org-link-expand-abbrev in lisp/ol.el expands a %(...) link abbrev even when it specifies an unsafe function. A remote attacker can execute arbitrary OS commands on the system.
Remediation
Install update from vendor's website.