TippingPoint SMS Vulnerability Inquiries
CVE-2020-15778
Description: This vulnerability affects the scp utility in OpenSSH versions up to 8.3p1. It involves command injection via backticks in the destination argument.
Impact: Exploiting this vulnerability allows arbitrary command execution on the remote server with the user's permissions.
Severity: The CVSS score for this vulnerability is 7.8, indicating a high severity level.
Trend Response: The SMS is not vulnerable as it does not utilize the affected versions.
CVE-2021-36368
Description: This vulnerability affects OpenSSH versions before 8.9. If a client uses public-key authentication with agent forwarding but without -oLogLevel=verbose, an attacker can silently modify the server to support the None authentication option.
Impact: The user cannot determine whether FIDO authentication is confirming the connection to the server or allowing the server to connect elsewhere on the user's behalf.
Severity: The CVSS score for this vulnerability is 3.7, indicating a low severity level.
Trend Response: The SMS is not vulnerable as it does not utilize the affected versions.
CVE-2023-3817
Description: This vulnerability affects OpenSSL. Checking excessively long Diffie-Hellman (DH) keys or parameters can be very slow.
Impact: Applications using functions like DH_check(), DH_check_ex(), or EVP_PKEY_param_check() to verify DH keys or parameters may experience long delays. This can potentially lead to a Denial of Service (DoS) if the keys or parameters are from an untrusted source.
Severity: The CVSS score for this vulnerability is 5.3, indicating a medium severity level.
Trend Response: The SMS is not vulnerable as we don't use the vulnerable OpenSSL functions in the product.
CVE-2023-3823
Description: This vulnerability affects PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8.
Impact: Various XML functions rely on libxml global state to track configuration variables. If other modules, like ImageMagick, change this state, it can lead to external XML entities being loaded, potentially disclosing local files accessible to PHP.
Severity: The CVSS score for this vulnerability is 7.5, indicating a high severity level.
Trend Response: The SMS is not vulnerable as we don't use PHP in the product.
CVE-2023-3824
Description: This vulnerability affects PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8.
Impact: Insufficient length checking when loading PHAR files can lead to a stack buffer overflow, potentially causing memory corruption or remote code execution (RCE).
Severity: The CVSS score for this vulnerability is 9.8, indicating a critical severity level.
Trend Response: The SMS is not vulnerable as we don't use PHP in the product.
CVE-2023-4807
Description: This vulnerability affects OpenSSL. The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer x86_64 processors supporting AVX512-IFMA instructions.
Impact: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted, leading to various consequences such as incorrect results, application crashes, or denial of service (DoS).
Severity: The CVSS score for this vulnerability is 7.8, indicating a high severity level.
Trend Response: The SMS is not vulnerable as we don't use the vulnerable OpenSSL functions in the product.
CVE-2023-4863
Description: This vulnerability involves a heap buffer overflow in libwebp, affecting Google Chrome prior to version 116.0.5845.187 and libwebp 1.3.2.
Impact: It allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page, potentially leading to arbitrary code execution.
Severity: The CVSS score for this vulnerability is 8.8, indicating a critical severity level.
Trend Response: The SMS is not vulnerable as we don't use PHP in the product.
CVE-2023-4911
Description: This vulnerability involves a buffer overflow in the GNU C Library's dynamic loader ld.so, affecting systems that utilize the GLIBC_TUNABLES environment variable.
Impact: It allows a local attacker to exploit the flaw by using maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission, potentially leading to arbitrary code execution with elevated privileges.
Severity: The CVSS score for this vulnerability is 7.8, indicating a high severity level.
Trend Response: The SMS is not vulnerable as it requires both a local attacker and the GLIBC_TUNABLES environment variable, which isn't present.
CVE-2023-5129
Description: This vulnerability involves a heap-based buffer overflow in the libwebp library when processing specially crafted WebP lossless files. The issue arises from improper handling of Huffman codes during the decoding process.
Impact: It allows a remote attacker to exploit the flaw by providing a malicious WebP file, potentially leading to arbitrary code execution.
Severity: The CVSS score for this vulnerability is 10.0, indicating a critical severity level.
Trend Response: The SMS is not vulnerable as we don't use PHP in the product.
CVE-2023-5678
Description: This vulnerability involves generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters, which may be very slow.
Impact: Applications that use the functions DH_generate_key() to generate an X9.42 DH key or DH_check_pub_key(), DH_check_pub_key_ex(), or EVP_PKEY_public_check() to check an X9.42 DH key or parameters may experience long delays. If the key or parameters are obtained from an untrusted source, this could lead to a Denial of Service attack.
Severity: The CVSS score for this vulnerability is 7.5, indicating a high severity level.
Trend Response: The SMS is not vulnerable as we don't use the affected functions.
CVE-2023-6246
Description: This vulnerability involves a heap-based buffer overflow in the __vsyslog_internal function of the glibc library. It occurs when the openlog function is not called, or is called with the ident argument set to NULL, and the program name (the basename of argv[0]) is larger than 1024 bytes.
Impact: It allows a local attacker to exploit the flaw, potentially leading to an application crash or local privilege escalation.
Severity: The CVSS score for this vulnerability is 7.8, indicating a high severity level.
Trend Response: The SMS is not vulnerable as we don't use the affected version of glibc.
CVE-2023-38545
Description: This vulnerability involves a heap-based buffer overflow in the SOCKS5 proxy handshake process of curl and libcurl. When curl is asked to pass along a hostname to the SOCKS5 proxy, the maximum length for the hostname is 255 bytes. If the hostname exceeds this length, curl switches to local name resolution. However, due to a bug, the hostname may still be copied to the target buffer, leading to a buffer overflow.
Impact: It allows a remote attacker to exploit the flaw by providing a specially crafted hostname, potentially leading to arbitrary code execution.
Severity: The CVSS score for this vulnerability is 9.8, indicating a critical severity level.
Trend Response: The SMS is not vulnerable as we don't use the affected version of the curl package. In addition, curl is also not permitted from normal user access mode.
CVE-2023-44487
Description: This vulnerability involves a protocol-level weakness in HTTP/2 known as the "Rapid Reset" attack. It allows for a distributed denial-of-service (DDoS) attack by rapidly resetting many streams, leading to server resource exhaustion.
Impact: It allows a remote attacker to exploit the flaw, potentially causing significant disruption to affected servers by consuming their resources.
Severity: The CVSS score for this vulnerability is 7.5, indicating a high severity level.
Trend Response: The SMS is not vulnerable as we don't currently support HTTP/2.
CVE-2023-46604
Description: This vulnerability involves a deserialization of untrusted data in the Java OpenWire protocol marshaller, affecting Apache ActiveMQ.
Impact: It allows a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol, causing the broker or client to instantiate any class on the classpath.
Severity: The CVSS score for this vulnerability is 9.8, indicating a critical severity level.
Trend Response: The SMS is not vulnerable as we don't use Apache ActiveMQ in the product.
CVE-2023-46445
Description: This vulnerability involves an issue in AsyncSSH before version 2.14.1, where attackers can control the extension info message (RFC 8308) via a man-in-the-middle attack, known as "Rogue Extension Negotiation."
Impact: It allows a remote attacker to exploit the flaw, potentially leading to unauthorized control over the extension info message during the SSH handshake process.
Severity: The CVSS score for this vulnerability is 5.9, indicating a medium severity level.
Trend Response: The SMS is not vulnerable as we don't use Python in the product.
CVE-2023-46446
Description: This vulnerability involves an issue in AsyncSSH before version 2.14.1, where attackers can control the remote end of an SSH client session via packet injection/removal and shell emulation, known as a "Rogue Session Attack".
Impact: It allows a remote attacker to exploit the flaw, potentially leading to unauthorized control over the SSH client session.
Severity: The CVSS score for this vulnerability is 6.8, indicating a medium severity level.
Trend Response: The SMS is not vulnerable as we don't use Python in the product.
CVE-2023-48795
Description: This vulnerability involves a protocol-level weakness in the SSH transport protocol with certain OpenSSH extensions. It allows remote attackers to bypass integrity checks, leading to a situation where some packets are omitted during the extension negotiation message. This can result in a connection where some security features are downgraded or disabled, known as the "Terrapin attack."
Impact: It allows a remote attacker to exploit the flaw, potentially leading to a downgrade of security features in the SSH connection, which can compromise the integrity and confidentiality of the data being transmitted.
Severity: The CVSS score for this vulnerability is 5.9, indicating a medium severity level.
Trend Response: This vulnerability was addressed in SMS TOS version 6.2.0.
CVE-2023-50272
Description: This vulnerability involves a security issue in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). It allows for an authentication bypass.
Impact: It allows a remote attacker to exploit the flaw, potentially gaining unauthorized access to the affected systems.
Severity: The CVSS score for this vulnerability is 9.8, indicating a critical severity level.
Trend Response: We don't have an official statement on this topic as iLO is an HP Product. Please see the following page from HP regarding this CVE: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04584en_us&docLocale=en_US
CVE-2023-50387
Description: This vulnerability involves a protocol-level weakness in DNS Security Extensions (DNSSEC) known as the "KeyTrap" vulnerability. It allows remote attackers to cause a denial of service (DoS) by triggering high CPU consumption through DNSSEC responses.
Impact: It allows a remote attacker to exploit the flaw, potentially causing significant disruption to DNS resolvers by consuming their resources during DNSSEC validation.
Severity: The CVSS score for this vulnerability is 7.5, indicating a high severity level.
Trend Response: The SMS isn't impacted as it does not act as a DNS server that can be queried.
CVE-2023-51467
Description: This vulnerability involves an authentication bypass in Apache OFBiz, a Java-based web framework. It allows attackers to circumvent authentication processes.
Impact: It allows a remote attacker to exploit the flaw, potentially enabling them to execute arbitrary code.
Severity: The CVSS score for this vulnerability is 9.8, indicating a critical severity level.
Trend Response: The SMS isn't impacted as it does not utilize Apache OFBiz in the product.
CVE-2024-0727
Description: This vulnerability involves a NULL pointer dereference in OpenSSL when processing a maliciously formatted PKCS12 file. The issue arises because OpenSSL does not correctly check for certain fields being NULL in the PKCS12 specification.
Impact: It allows a remote attacker to exploit the flaw by providing a specially crafted PKCS12 file, potentially leading to a Denial of Service (DoS) attack as the application using OpenSSL may crash.
Severity: The CVSS score for this vulnerability is 5.5, indicating a medium severity level.
Trend Response: We are not affected by this OpenSSL vulnerability because we only use OpenSSL's SSL/TLS functions. We don't use those vulnerable OpenSSL functions in our product.
CVE-2024-0762
Description: This vulnerability involves a potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms. It affects various versions of Phoenix SecureCore™ for Intel Kaby Lake, Coffee Lake, Ice Lake, Comet Lake, Tiger Lake, Jasper Lake, Alder Lake, Raptor Lake, and Meteor Lake.
Impact: It allows a local attacker to exploit the flaw, potentially leading to arbitrary code execution due to the buffer overflow.
Severity: The CVSS score for this vulnerability is 7.5, indicating a high severity level.
Trend Response: We are not affected by this vulnerability as none of these processors are utilized in our product.
CVE-2024-1086
Description: This vulnerability involves a use-after-free issue in the Linux kernel's netfilter: nf_tables component. It occurs when the nft_verdict_init() function allows positive values as drop errors within the hook verdict, leading to a double free vulnerability when NF_DROP is issued with a drop error resembling NF_ACCEPT.
Impact: It allows a local attacker to exploit the flaw, potentially achieving local privilege escalation.
Severity: The CVSS score for this vulnerability is 7.8, indicating a high severity level.
Trend Response: We are not affected by this vulnerability.
CVE-2024-3094
Description: Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The liblzma build process extracts a prebuilt object file from a disguised test file in the source code, modifying specific functions in the liblzma library.
Impact: This results in a modified liblzma library that can intercept and alter data interactions with any software linked against it.
Severity: The CVSS score for this vulnerability is 10.0, indicating a critical severity level.
Trend Response: We are not affected by this vulnerability as no affected version of the xz libraries are utilized in our product.
CVE-2024-4603
Description: This vulnerability involves checking excessively long DSA keys or parameters, which can be very slow. Applications using the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to verify DSA public keys or parameters may experience significant delays.
Impact: If the keys or parameters being checked come from an untrusted source, this can lead to a Denial of Service (DoS) attack. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.
Severity: The CVSS score for this vulnerability is 5.3, indicating a medium severity level.
Trend Response: We are not affected by this vulnerability as we don't use OpenSSL for TLS communications.
CVE-2024-4741
Description: This vulnerability involves the OpenSSL API function SSL_free_buffers, which may cause memory to be accessed that was previously freed in certain situations.
Impact: This can lead to a range of issues, including data corruption, crashes, or the execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected.
Severity: The CVSS score for this vulnerability is 5.9, indicating a medium severity level.
Trend Response: The SMS is not affected by this as we don't use the vulnerable function in our product.
CVE-2024-5310
Description: This vulnerability affects JFinalCMS up to version 20221020. It involves the manipulation of the "Title" argument in the /admin/content file, leading to cross-site scripting (XSS).
Impact: The vulnerability can be exploited remotely, allowing attackers to inject malicious scripts into web pages viewed by other users.
Severity: The CVSS score for this vulnerability is 5.1, indicating a medium severity level.
Trend Response: The SMS is not affected by this as we don't use JFinalCMS in our product.
CVE-2024-6387
Description: This vulnerability is a security regression related to CVE-2006-5051, discovered in OpenSSH's server (sshd). It involves a race condition that can lead sshd to handle some signals in an unsafe manner.
Impact: An unauthenticated, remote attacker may exploit this race condition by failing to authenticate within a set time period, potentially leading to arbitrary code execution.
Severity: The CVSS score for this vulnerability is 8.1, indicating a high severity level.
Trend Response: Please see the following Product Bulletin regarding this issue: https://tmc.tippingpoint.com/TMC/ShowDocuments?parentFolderId=announcements&contentId=PB__1100___Product_Advisory_for_CVE_2024_6387__regreSSHion_.pdf
CVE-2024-13176
Description: This vulnerability involves a timing side-channel in ECDSA signature computations, which could potentially allow an attacker to recover the private key.
Impact: To exploit this vulnerability, an attacker would need either local access to the signing application or a very fast network connection with low latency. The timing signal is around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero, affecting certain elliptic curves like the NIST P-521.
Severity: The CVSS score for this vulnerability is 4.1, indicating a low severity level.
Trend Response: While the SMS is technically vulnerable, the attack requires physical access to the device and additionally requires service mode shell.
CVE-2024-26925
Description: This vulnerability affects the Linux kernel's netfilter framework, specifically the nf_tables component. It involves the improper release of a mutex during the critical section between nft_gc_seq_begin() and nft_gc_seq_end().
Impact: If the mutex is released prematurely, the asynchronous garbage collection (GC) worker could collect expired objects and acquire the released commit lock within the same GC sequence. This could lead to race conditions and potential system instability.
Severity: The CVSS score for this vulnerability is 7.0, indicating a high severity level.
Trend Response: The SMS is not vulnerable as it does not utilize the affected versions.
CVE-2024-27322
Description: This vulnerability affects the R statistical programming language, from version 1.4.0 up to and not including 4.4.0. It involves the deserialization of untrusted data, which can occur when interacting with a maliciously crafted RDS (R Data Serialization) formatted file or R package.
Impact: Exploiting this vulnerability allows an attacker to execute arbitrary code on the end user's system. This can lead to significant security risks, including unauthorized access and control over the affected system.
Severity: The CVSS score for this vulnerability is 8.8, indicating a high severity level.
Trend Response: The SMS is not vulnerable as it does not utilize the R programming language.
CVE-2024-39894
Description: This vulnerability affects OpenSSH versions 9.5 through 9.7 before 9.8. It involves a timing attack against echo-off password entry (e.g., for su and sudo) due to an ObscureKeystrokeTiming logic error.
Impact: The timing attack can potentially allow an attacker to infer keystroke timings and compromise password security. Other timing attacks against keystroke entry could also occur.
Severity: The CVSS score for this vulnerability is 7.5, indicating a high severity level.
Trend Response: This vulnerability was addressed in the 6.4.0 version of the SMS TOS.
CVE-2024-43856
Description: This vulnerability affects the Linux kernel, specifically the dmam_free_coherent function. It involves a concurrency issue where the function frees a DMA allocation and then calls devres_destroy() to remove the associated data structure.
Impact: If a concurrent task makes an allocation with the same virtual address (vaddr) and adds it to the devres list, devres_destroy() can free the wrong entry, leading to inappropriate resource management. This can cause system instability and potential crashes.
Severity: The CVSS score for this vulnerability is 5.5, indicating a medium severity level.
Trend Response: The SMS was only vulnerable to this if an attacker gains access to the local shell. Nevertheless, this vulnerability was addressed in the 6.5.0 version of the SMS TOS.
CVE-2024-47175
Description: This vulnerability affects the Common UNIX Printing System (CUPS), specifically the libppd function ppdCreatePPDFromIPP2. It does not sanitize IPP attributes when creating the PPD buffer.
Impact: When combined with other functions like cfGetPrinterAttributes5, this can lead to user-controlled input and potentially remote code execution via Foomatic.
Severity: The CVSS score for this vulnerability is 8.6, indicating a high severity level.
Trend Response: This vulnerability was addressed in the 6.5.0 version of the SMS TOS.
CVE-2024-47176
Description: This vulnerability affects the Common UNIX Printing System (CUPS), specifically the cups-browsed service. It binds to INADDR_ANY:631, causing it to trust any packet from any source.
Impact: When combined with other vulnerabilities, such as CVE-2024-47076 and CVE-2024-47175, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
Severity: The CVSS score for this vulnerability is 8.4, indicating a high severity level.
Trend Response: This vulnerability was addressed in the 6.5.0 version of the SMS TOS.
CVE-2024-47177
Description: This vulnerability affects the Common UNIX Printing System (CUPS) and its associated cups-filters. Any value passed to the FoomaticRIPCommandLine via a PPD file will be executed as a user-controlled command.
Impact: When combined with other logic bugs, such as those described in CVE-2024-47176, this can lead to remote command execution. This means an attacker could potentially execute arbitrary commands on the affected system.
Severity: The CVSS score for this vulnerability is 9.0, indicating a critical severity level.
Trend Response: This vulnerability was addressed in the 6.5.0 version of the SMS TOS.
CVE-2024-50379
Description: This vulnerability affects Apache Tomcat versions 9.0.0.M1 through 9.0.97, 10.1.0-M1 through 10.1.33, and 11.0.0-M1 through 11.0.1. It involves a Time-of-check Time-of-use (TOCTOU) race condition during JSP compilation.
Impact: This race condition can permit remote code execution (RCE) on case-insensitive file systems when the default servlet is enabled for write (non-default configuration).
Severity: The CVSS score for this vulnerability is 9.8, indicating a critical severity level.
Trend Response: The SMS is not vulnerable as it does not utilize Apache Tomcat.
CVE-2025-1094
Description: This vulnerability affects PostgreSQL versions before 17.3, 16.7, 15.11, 14.16, and 13.19. It involves improper neutralization of quoting syntax in PostgreSQL libpq functions (PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn()), which allows a database input provider to achieve SQL injection in certain usage patterns.
Impact: SQL injection can occur if the application uses the function result to construct input to psql, the PostgreSQL interactive terminal. Additionally, improper neutralization of quoting syntax in PostgreSQL command line utility programs can lead to SQL injection when client_encoding is BIG5 and server_encoding is one of EUC_TW or MULE_INTERNAL.
Severity: The CVSS score for this vulnerability is 8.1, indicating a high severity level.
Trend Response: The SMS is not vulnerable as it does not utilize PostgreSQL.
CVE-2025-24813
Description: This vulnerability affects Apache Tomcat versions 9.0.0.M1 through 9.0.98, 10.1.0-M1 through 10.1.34, and 11.0.0-M1 through 11.0.2. It involves a path equivalence issue where the file.Name (Internal Dot) can lead to remote code execution, information disclosure, or the addition of malicious content to uploaded files.
Impact: If certain conditions are met, such as enabling writes for the default servlet and support for partial PUT requests, a malicious user can exploit this vulnerability to view sensitive files, inject content, or execute arbitrary code.
Severity: The CVSS score for this vulnerability is 9.8, indicating a critical severity level.
Trend Response: The SMS is not vulnerable as it does not utilize Apache Tomcat.
CVE-2025-26465
Description: This vulnerability involves an issue in OpenSSH when the VerifyHostKeyDNS option is enabled. It allows a machine-in-the-middle attack by a malicious machine impersonating a legitimate server.
Impact: It allows a remote attacker to exploit the flaw, potentially leading to unauthorized control over the SSH connection. The attack complexity is high as the attacker needs to exhaust the client's memory resources first.
Severity: The CVSS score for this vulnerability is 6.8, indicating a medium severity level.
Trend Response: This vulnerability was addressed in SMS TOS version 6.5.0.
CVE-2025-26466
Description: This vulnerability affects OpenSSH. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packets. These packets are only freed when the server/client key exchange has finished.
Impact: A malicious client can keep sending such packets, leading to uncontrolled memory consumption on the server side. This can result in a denial of service (DoS) attack, making the server unavailable.
Severity: The CVSS score for this vulnerability is 5.9, indicating a medium severity level.
Trend Response: This vulnerability was addressed in SMS TOS version 6.5.0.
CVE-2025-29774
Description: This vulnerability affects the xml-crypto library for Node.js. Versions prior to 6.0.1, 3.2.1, and 2.1.6 are susceptible to an authentication bypass. An attacker can modify a valid signed XML message in a way that still passes signature verification checks.
Impact: This could allow an attacker to alter critical identity or access control attributes, potentially escalating privileges or impersonating another user.
Severity: The CVSS score for this vulnerability is 9.3, indicating a critical severity level.
Trend Response: The SMS is not vulnerable as it does not utilize Node.js.
CVE-2025-32728
Description: This vulnerability affects OpenSSH versions before 10.0. The DisableForwarding directive in the sshd_config file does not function as documented, allowing X11 and agent forwarding even when it is set to "yes".
Impact: This can lead to unauthorized information disclosure and potential unauthorized access. An attacker can exploit this by enabling agent forwarding and X11 display forwarding despite the directive's intended restrictions.
Severity: The CVSS score for this vulnerability is 4.3, indicating a medium severity level.
Trend Response: The SMS is not vulnerable as it does not utilize X11 or key-based SSH logins.