TippingPoint TPS Vulnerability Inquiries

CVE-2021-28041

Description: This vulnerability affects OpenSSH versions before 8.5. It has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.

Impact: The user may not realize whether FIDO authentication is confirming the connection or letting the server connect elsewhere on their behalf.

Severity: The CVSS score for this vulnerability is 7.1, indicating a high severity level.

Trend Response: TPS is not impacted by this vulnerability as it does not use the ssh-agent.

CVE-2022-4203

Description: This vulnerability affects OpenSSL versions 3.0.0 through 3.0.7. It is an out-of-bounds read issue in the X.509 name constraint checking logic, triggered during certificate chain verification when processing OtherName SAN fields.

Impact: An attacker who can supply a malicious certificate (via a TLS client or server connection) may cause a denial of service by crashing the application. Information disclosure is theoretically possible but no practical exploit was demonstrated.

Severity: The CVSS score for this vulnerability is 4.9, indicating a medium severity level.

Trend Response: TPS cannot be exploited through this vulnerability.

CVE-2023-0216

Description: This vulnerability involves an invalid pointer dereference on read, triggered when an application tries to load malformed PKCS7 data using the d2i_PKCS7(), d2i_PKCS7_bio(), or d2i_PKCS7_fp() functions. This flaw can result in an application crash, potentially leading to a denial of service attack.

Impact: It allows a remote attacker to exploit the flaw, causing the application to crash and potentially disrupting services.

Severity: The CVSS score for this vulnerability is 7.5, indicating a high severity level.

Trend Response: TPS is not impacted by this vulnerability.

CVE-2023-0401

Description: This vulnerability affects OpenSSL versions 3.0.0 through 3.0.7. It is a NULL pointer dereference issue that occurs during PKCS7 signature verification when the hash algorithm is recognized but its implementation is unavailable (e.g., FIPS-enabled configuration or missing legacy provider). The missing check for digest initialization return value leads to invalid API usage and a crash.

Impact: An attacker can exploit this by providing crafted PKCS7 signed or signedAndEnveloped data to applications using OpenSSL’s SMIME or Time Stamp (TS) verification functions. Successful exploitation typically results in a denial of service (application crash). TLS implementations in OpenSSL are not affected, but third-party apps calling these functions are vulnerable.

Severity: The CVSS score for this vulnerability is 7.5, indicating a high severity level.

Trend Response: TPS is not impacted by this vulnerability.

CVE-2023-3817

Description: This vulnerability involves checking excessively long DH keys or parameters in OpenSSL. The flaw occurs when the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions are used to validate DH keys or parameters obtained from untrusted sources, leading to overly long computations.

Impact: It allows a remote attacker to exploit the flaw, potentially causing a denial of service due to the excessive time required to process the keys or parameters.

Severity: The CVSS score for this vulnerability is 5.3, indicating a medium severity level.

Trend Response: The TPS is not vulnerable as we don't use the listed OpenSSL functions in our product.

CVE-2023-3823

Description: This vulnerability involves various XML functions in PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8. The flaw arises from reliance on libxml global state to track configuration variables, which can be altered by other modules like ImageMagick, leading to unintended loading of external entities.

Impact: It allows a remote attacker to exploit the flaw, potentially leading to the disclosure of local files accessible to PHP.

Severity: The CVSS score for this vulnerability is 7.5, indicating a high severity level.

Trend Response: The TPS is not vulnerable as we don't use PHP in our product.

CVE-2023-3824

Description: This vulnerability involves a stack buffer overflow in PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8. The flaw occurs when loading PHAR files due to insufficient length checking while reading PHAR directory entries, potentially leading to memory corruption or remote code execution.

Impact: It allows a remote attacker to exploit the flaw, causing memory corruption or executing arbitrary code, which can compromise the affected system.

Severity: The CVSS score for this vulnerability is 9.8, indicating a critical severity level.

Trend Response: The TPS is not vulnerable as we don't use PHP in our product.

CVE-2023-4807

Description: This vulnerability involves a bug in the POLY1305 MAC implementation in OpenSSL on Windows 64 platforms with AVX512-IFMA instructions. The flaw can corrupt the internal state of applications when calculating the MAC of data larger than 64 bytes, leading to potential application crashes or incorrect results.

Impact: It allows a remote attacker to exploit the flaw, potentially causing application crashes or incorrect results, which can disrupt services.

Severity: The CVSS score for this vulnerability is 7.8, indicating a high severity level.

Trend Response: The TPS is not vulnerable as we are not Windows 64 based.

CVE-2023-4863

Description: This vulnerability involves a heap buffer overflow in libwebp, affecting Google Chrome and other applications using the library. The flaw occurs when processing a crafted HTML page, leading to an out-of-bounds memory write.

Impact: It allows a remote attacker to exploit the vulnerability, potentially causing arbitrary code execution or a denial of service.

Severity: The CVSS score for this vulnerability is 8.8, indicating a high severity level.

Trend Response: The TPS is not vulnerable as we don't utilize libwebp in our product.

CVE-2023-4911

Description: This vulnerability involves a buffer overflow in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. The flaw allows a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Impact: It allows a local attacker to exploit the flaw, potentially gaining elevated privileges and executing arbitrary code on the affected system.

Severity: The CVSS score for this vulnerability is 7.8, indicating a high severity level.

Trend Response: The TPS is not vulnerable.

CVE-2023-5678

Description: This vulnerability involves generating or checking excessively long X9.42 DH keys or parameters in OpenSSL. The flaw can cause applications using functions like DH_generate_key() and DH_check_pub_key() to experience long delays or crashes if the keys or parameters are obtained from untrusted sources.

Impact: It allows a remote attacker to exploit the flaw, potentially leading to a denial of service due to the excessive time required to process the keys or parameters.

Severity: The CVSS score for this vulnerability is 7.5, indicating a high severity level.

Trend Response: The TPS is not vulnerable as we don't use the vulnerable OpenSSL functions in our product.

CVE-2023-38408

Description: This vulnerability involves a remote code execution flaw in the PKCS#11 feature of ssh-agent in OpenSSH before version 9.3p2. The issue arises from an insufficiently trustworthy search path, allowing an attacker to exploit an agent forwarded to a malicious system.

Impact: It allows a remote attacker to execute arbitrary code with the privileges of the user running the ssh-agent, potentially compromising the affected system.

Severity: The CVSS score for this vulnerability is 9.8, indicating a critical severity level.

Trend Response: The TPS is not vulnerable as it doesn't utilize the listed functions in the product.

CVE-2023-40000

Description: This vulnerability involves improper neutralization of input during web page generation in the LiteSpeed Cache plugin for WordPress. The flaw allows stored cross-site scripting (XSS) attacks, where malicious scripts can be injected and stored in web pages.

Impact: It allows unauthenticated attackers to exploit the flaw, potentially creating admin accounts and gaining full control of affected WordPress websites.

Severity: The CVSS score for this vulnerability is 8.3, indicating a high severity level.

Trend Response: The TPS is not vulnerable as we don't utilize WordPress in our product.

CVE-2023-48795

Description: This vulnerability involves a flaw in the SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before version 9.6 and other products. It allows remote attackers to bypass integrity checks, causing some packets to be omitted from the extension negotiation message. This can lead to a connection where some security features are downgraded or disabled, known as the Terrapin attack.

Impact: It allows a remote attacker to exploit the flaw, potentially compromising the security of SSH connections by downgrading encryption algorithms and bypassing signature algorithms.

Severity: The CVSS score for this vulnerability is 5.9, indicating a medium severity level.

Trend Response: This vulnerability was addressed in the 6.2.0 version of the TPS TOS.

CVE-2023-51384

Description: This vulnerability involves incomplete application of destination constraints in ssh-agent in OpenSSH before version 9.6. When destination constraints are specified during the addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.

Impact: It allows an attacker to bypass destination constraints for PKCS#11-hosted private keys, potentially leading to unauthorized access.

Severity: The CVSS score for this vulnerability is 5.5, indicating a medium severity level.

Trend Response: The TPS is not vulnerable as the attack vector for this vulnerability is local. TippingPoint also does not allow users direct access to the shell.

CVE-2023-51385

Description: This vulnerability involves OS command injection in OpenSSH before version 9.6. The flaw occurs if a user name or host name contains shell metacharacters and is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

Impact: It allows a remote attacker to exploit the flaw, potentially executing arbitrary commands on the affected system.

Severity: The CVSS score for this vulnerability is 6.5, indicating a medium severity level.

Trend Response: The TPS is not vulnerable as the affected functions are not enabled in the product.

CVE-2023-51467

Description: This vulnerability involves an authentication bypass in Apache OFBiz, a Java-based web framework. The flaw allows attackers to bypass authentication processes, enabling them to remotely execute arbitrary code via Server-Side Request Forgery (SSRF).

Impact: It allows a remote attacker to exploit the flaw, potentially gaining unauthorized access and executing arbitrary commands on affected systems.

Severity: The CVSS score for this vulnerability is 9.8, indicating a critical severity level.

Trend Response: The TPS is not vulnerable as we do not use Apache OFBiz in our product.

CVE-2023-51767

Description: This vulnerability involves a potential row hammer attack in OpenSSH through version 9.6. The flaw occurs because the integer value of authenticated in the mm_answer_authpassword function does not resist single-bit flips, which can be exploited under certain conditions involving attacker-victim co-location and user privileges.

Impact: It allows a remote attacker to exploit the flaw, potentially bypassing authentication mechanisms by manipulating memory bits.

Severity: The CVSS score for this vulnerability is 7.0, indicating a high severity level.

Trend Response: The TPS is not vulnerable as our product does not allow users direct access to the shell.

CVE-2024-0727

Description: This vulnerability involves a NULL pointer dereference in OpenSSL when processing a maliciously formatted PKCS12 file. This flaw can cause OpenSSL to crash, leading to a potential denial of service attack.

Impact: It allows a remote attacker to exploit the flaw, causing applications that use OpenSSL to terminate abruptly, potentially disrupting services.

Severity: The CVSS score for this vulnerability is 5.5, indicating a medium severity level.

Trend Response: The TPS is not vulnerable as we don't use those vulnerable OpenSSL functions in our product.

CVE-2024-1086

Description: This vulnerability involves a use-after-free issue in the Linux kernel's netfilter: nf_tables component. The flaw occurs when the nft_verdict_init() function allows positive values as drop errors within the hook verdict, leading to a double free vulnerability when NF_DROP is issued with a drop error resembling NF_ACCEPT.

Impact: It allows a local attacker to exploit the flaw, potentially achieving local privilege escalation by sending specially crafted packets to a Linux system with nftables enabled.

Severity: The CVSS score for this vulnerability is 7.8, indicating a high severity level.

Trend Response: The TPS is not vulnerable.

CVE-2024-2511

Description: This vulnerability involves unbounded memory growth in certain non-default TLS server configurations when processing TLSv1.3 sessions. The flaw occurs if the SSL_OP_NO_TICKET option is used without early data support and default anti-replay protection, causing the session cache to fail to flush properly.

Impact: It allows a remote attacker to exploit the flaw, leading to unbounded memory growth and potentially causing a denial of service.

Severity: The CVSS score for this vulnerability is 5.9, indicating a medium severity level.

Trend Response: The TPS does not use the vulnerable functions outlined in the CVE.

CVE-2024-2876

Description: This vulnerability affects the Email Subscribers by Icegram Express plugin for WordPress (versions up to 5.7.14). It is a SQL injection issue in the run function of the IG_ES_Subscribers_Query class, caused by insufficient escaping of user-supplied parameters and lack of proper query preparation, allowing attackers to inject additional SQL statements.

Impact: An unauthenticated attacker can exploit this flaw to extract sensitive information from the WordPress database, including usernames, email addresses, password hashes, and subscriber lists, potentially leading to account compromise and data breaches.

Severity: The CVSS score for this vulnerability is 9.8, indicating a critical severity level.

Trend Response: TPS doesn’t use WordPress, therefore it is not affected by the reported vulnerability.

CVE-2024-3094

Description: This vulnerability involves malicious code discovered in the upstream tarballs of xz, starting with version 5.6.0. The liblzma build process extracts a prebuilt object file from a disguised test file in the source code, which modifies specific functions in the liblzma library. This results in a compromised library that can intercept and modify data interactions.

Impact: It allows an attacker to exploit the modified liblzma library, potentially intercepting and altering data processed by any software linked against this library.

Severity: The CVSS score for this vulnerability is 10.0, indicating a critical severity level.

Trend Response: The TPS does not use an affected version of the xz libraries in our product.

CVE-2024-4603

Description: This vulnerability affects OpenSSL versions 3.0, 3.1, 3.2, and 3.3. It is a denial-of-service issue caused by excessive computation when checking DSA keys or parameters with an extremely large modulus using the functions EVP_PKEY_param_check() or EVP_PKEY_public_check(). These functions do not enforce size limits during validation, allowing an attacker to supply oversized values that significantly slow down processing.

Impact: An attacker who can provide malicious DSA keys or parameters from an untrusted source may cause applications performing these checks to hang or become unresponsive, resulting in a denial-of-service condition. The OpenSSL SSL/TLS implementation is not affected, but applications and command-line tools using the -check option are vulnerable.

Severity: The CVSS score for this vulnerability is 5.3, indicating a medium severity level.

Trend Response: TPS is not affected because no code on TPS calls either of the affected functions with an untrusted key.

CVE-2024-4741

Description: This vulnerability involves a use-after-free issue in the OpenSSL API function SSL_free_buffers. The flaw occurs when memory that was previously freed is accessed, potentially leading to data corruption, crashes, or arbitrary code execution.

Impact: It allows a remote attacker to exploit the flaw, causing applications that use OpenSSL to crash or execute arbitrary code, which can compromise the affected system.

Severity: The CVSS score for this vulnerability is 7.5, indicating a high severity level.

Trend Response: The TPS is not vulnerable as it doesn't utilize the listed functions in the product.

CVE-2024-6387

Description: This vulnerability involves a race condition in OpenSSH's server (sshd). The flaw occurs when the sshd SIGALRM handler is called asynchronously if a client fails to authenticate within the LoginGraceTime period. This signal handler calls functions that are not async-signal-safe, leading to potential remote code execution.

Impact: It allows an unauthenticated remote attacker to exploit the flaw, potentially executing arbitrary code on the affected system.

Severity: The CVSS score for this vulnerability is 8.1, indicating a high severity level.

Trend Response: The TPS is not vulnerable as the affected versions of the OpenSSH libraries are not enabled in the product.

CVE-2024-39894

Description: This vulnerability involves a logic error in OpenSSH versions 9.5 through 9.7 that allows timing attacks against echo-off password entry (e.g., for su and sudo). The flaw, known as ObscureKeystrokeTiming, can also lead to other timing attacks against keystroke entry.

Impact: It allows a remote attacker to exploit the timing flaw, potentially gaining unauthorized access to affected systems by analyzing keystroke timings and bypassing password protections.

Severity: The CVSS score for this vulnerability is 7.5, indicating a high severity level.

Trend Response: TPS does not use a version of OpenSSH affected by this vulnerability.

CVE-2025-1094

Description: This vulnerability involves improper neutralization of quoting syntax in PostgreSQL's libpq functions (PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn()). It allows SQL injection when the function results are used to construct input for psql, the PostgreSQL interactive terminal. Additionally, improper neutralization in PostgreSQL command line utilities can lead to SQL injection when certain encodings are used.

Impact: It allows an attacker to inject SQL commands through quoting syntax functions or command line arguments, potentially compromising the database or executing arbitrary commands.

Severity: The CVSS score for this vulnerability is 8.1, indicating a high severity level.

Trend Response: The TPS is not vulnerable as it doesn't utilize PostgreSQL in the product.

CVE-2025-21756

Description: This vulnerability affects the Linux kernel’s vsock (Virtual Socket) implementation in versions prior to 6.6.79, 6.12.16, 6.13.4, and 6.14-rc1. It is a use-after-free issue caused by improper reference counting and socket list management during transport reassignment, which can lead to memory corruption when creating, binding, or releasing sockets.

Impact: A local attacker with the ability to create and manipulate vsock sockets can exploit this flaw to escalate privileges to root, execute arbitrary code in kernel context, or cause a denial of service by crashing the system.

Severity: The CVSS score for this vulnerability is 7.8, indicating a high severity level.

Trend Response: The attack vector of the vulnerability is Local. Therefore, the attacker needs to have root access which is only available through service mode.

CVE-2025-24813

Description: This vulnerability involves path equivalence issues in Apache Tomcat versions 9.0.0.M1 through 11.0.2. It allows remote code execution, information disclosure, or malicious content injection via write-enabled Default Servlet and partial PUT support.

Impact: It allows a remote attacker to exploit the flaw, potentially gaining unauthorized access to sensitive files or injecting malicious content into uploaded files.

Severity: The CVSS score for this vulnerability is 9.8, indicating a critical severity level.

Trend Response: The TPS is not vulnerable as we don't use Apache Tomcat in the product.

CVE-2025-26465

Description: This vulnerability involves a flaw in OpenSSH when the VerifyHostKeyDNS option is enabled. It allows a machine-in-the-middle attack by a malicious machine impersonating a legitimate server. The issue arises from how OpenSSH mishandles error codes under specific conditions when verifying the host key.

Impact: It allows a remote attacker to exploit the flaw, potentially exhausting the client's memory resources and performing a machine-in-the-middle attack.

Severity: The CVSS score for this vulnerability is 6.8, indicating a medium severity level.

Trend Response: The TPS is not vulnerable.

CVE-2025-26466

Description: This vulnerability involves a flaw in OpenSSH where each ping packet received by the SSH server leads to the allocation of a pong packet in a memory buffer. These packets are stored in a queue and only freed after the server/client key exchange is completed. A malicious client can exploit this by continuously sending ping packets, causing uncontrolled memory consumption on the server side.

Impact: It allows a remote attacker to exploit the flaw, potentially leading to a denial of service as the server may run out of memory and become unavailable.

Severity: The CVSS score for this vulnerability is 5.9, indicating a medium severity level.

Trend Response: The TPS is not vulnerable as it doesn't utilize an affected version of OpenSSH.

CVE-2025-29774

Description: This vulnerability involves improper verification of cryptographic signatures in the xml-crypto library for Node.js. An attacker can exploit this flaw to modify a valid signed XML message in a way that still passes signature verification checks.

Impact: It allows an attacker to bypass authentication or authorization mechanisms, potentially escalating privileges or impersonating another user.

Severity: The CVSS score for this vulnerability is 9.3, indicating a critical severity level.

Trend Response: The TPS is not vulnerable as it doesn't utilize Node.js in the product.

CVE-2025-32433

Description: This vulnerability involves a flaw in the SSH protocol message handling in Erlang/OTP libraries. It allows unauthenticated remote code execution via the SSH server. The issue is present in versions prior to OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20.

Impact: It allows a remote attacker to exploit the flaw, potentially gaining unauthorized access to affected systems and executing arbitrary commands without valid credentials.

Severity: The CVSS score for this vulnerability is 10.0, indicating a critical severity level.

Trend Response: The TPS is not vulnerable as we don't use Erlang/OTP in the product.

CVE-2025-61984

Description: This vulnerability affects OpenSSH versions prior to 10.1 and involves improper sanitization of control characters in usernames when expanding the ProxyCommand string.

Impact: It allows a local attacker with knowledge of the SSH configuration and hostname match conditions to exploit the flaw, potentially executing arbitrary commands. This is particularly concerning in environments using SSH proxies or dynamic configuration scripts, where the ProxyCommand is constructed from user input.

Severity: The CVSS score for this vulnerability is 3.6, indicating a low severity level.

Trend Response: This vulnerability relies on the ProxyCommand feature, which we do not enable and which is not exploitable on the TPS.