SEC Consult Vulnerability Lab Security Advisory < 20230117-2 >
===
title: Multiple post-authentication vulnerabilities including RCE
product: OpenText™ Content Server component of OpenText™ Extended ECM
SEC Consult Vulnerability Lab Security Advisory < 20230117-1 >
===
title: Pre-authenticated Remote Code Execution via Java frontend and QDS endpoint
product: OpenText™ Content Serve
SEC Consult Vulnerability Lab Security Advisory < 20230117-0 >
===
title: Pre-authenticated Remote Code Execution in cs.exe
product: OpenText™ Content Server component of OpenText™ Extended ECM
vulner
Dear Full Disclosure,
Find attached a security advisory that details multiple
vulnerabilities we discovered in Oracle Solaris CDE dtprintinfo, Motif
libXm, and X.Org libXpm.
* Title: Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm
* Products: Common Desktop Environment 1.6, Motif
# wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS
## INFO
===
The CVE project has assigned the id CVE-2022-42905 to this issue.
Severity: 9.1 CRITICAL
Affected version: before 5.5.2
End of embargo: Ended
# wolfSSL before 5.5.0: Denial-of-service with session resumption
=
## INFO
===
The CVE project has assigned the id CVE-2022-38152 to this issue.
Severity: 7.5 HIGH
Affected version: before 5.5.0
End of embargo: Ended August 30,
# wolfSSL 5.3.0: Denial-of-service
==
## INFO
===
The CVE project has assigned the id CVE-2022-38153 to this issue.
Severity: 5.9 MEDIUM
Affected version: 5.3.0
End of embargo: Ended August 30, 2022
Blog Post:
https://blog.trailofbits.com/2023/01/12/wolfssl-v