Common Weakness Enumeration

CWE-1038

Allowed-with-Review

Insecure Automated Optimizations

Abstraction: Class · Status: Draft

The product uses a mechanism that automatically optimizes code, e.g. to improve a characteristic such as performance, but the optimizations can have an unintended side effect that might violate an intended security assumption.

10 vulnerabilities reference this CWE, most recent first.

CVE-2025-48877 (GCVE-0-2025-48877)

Vulnerability from cvelistv5 – Published: 2025-06-09 12:36 – Updated: 2025-06-09 15:17
VLAI
Title
Discourse vulnerable to auto-executing of third-party code in embedded CodePen iframe
Summary
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, Codepen is present in the default `allowed_iframes` site setting, and it can potentially auto-run arbitrary JS in the iframe scope, which is unintended. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. As a workaround, the Codepen prefix can be removed from a site's `allowed_iframes`.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1038 - Insecure Automated Optimizations
Assigner
References
Impacted products
Vendor Product Version
discourse discourse Affected: < 3.4.4
Affected: < 3.5.0.beta5
Affected: < 3.5.0.beta6-dev
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-48877",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-09T15:11:20.634452Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-09T15:17:08.586Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "discourse",
          "vendor": "discourse",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.4.4"
            },
            {
              "status": "affected",
              "version": "\u003c 3.5.0.beta5"
            },
            {
              "status": "affected",
              "version": "\u003c 3.5.0.beta6-dev"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, Codepen is present in the default `allowed_iframes` site setting, and it can potentially auto-run arbitrary JS in the iframe scope, which is unintended. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. As a workaround, the Codepen prefix can be removed from a site\u0027s `allowed_iframes`."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1038",
              "description": "CWE-1038: Insecure Automated Optimizations",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-09T12:36:29.651Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/discourse/discourse/security/advisories/GHSA-cm93-6m2m-cjcv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/discourse/discourse/security/advisories/GHSA-cm93-6m2m-cjcv"
        }
      ],
      "source": {
        "advisory": "GHSA-cm93-6m2m-cjcv",
        "discovery": "UNKNOWN"
      },
      "title": "Discourse vulnerable to auto-executing of third-party code in embedded CodePen iframe"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-48877",
    "datePublished": "2025-06-09T12:36:29.651Z",
    "dateReserved": "2025-05-27T20:14:34.296Z",
    "dateUpdated": "2025-06-09T15:17:08.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52971 (GCVE-0-2023-52971)

Vulnerability from cvelistv5 – Published: 2025-03-08 00:00 – Updated: 2025-05-12 15:31
VLAI
Summary
MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1038 - Insecure Automated Optimizations
Assigner
References
Impacted products
Vendor Product Version
MariaDB MariaDB Affected: 10.10 , < 10.11.* (custom)
Affected: 11.0 , < 11.4.* (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52971",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-10T14:51:07.523280Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-12T15:31:11.074Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "MariaDB",
          "vendor": "MariaDB",
          "versions": [
            {
              "lessThan": "10.11.*",
              "status": "affected",
              "version": "10.10",
              "versionType": "custom"
            },
            {
              "lessThan": "11.4.*",
              "status": "affected",
              "version": "11.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1038",
              "description": "CWE-1038 Insecure Automated Optimizations",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-08T22:54:37.997Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://jira.mariadb.org/browse/MDEV-32084"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-52971",
    "datePublished": "2025-03-08T00:00:00.000Z",
    "dateReserved": "2025-03-08T00:00:00.000Z",
    "dateUpdated": "2025-05-12T15:31:11.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52970 (GCVE-0-2023-52970)

Vulnerability from cvelistv5 – Published: 2025-03-08 00:00 – Updated: 2025-11-03 19:28
VLAI
Summary
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1038 - Insecure Automated Optimizations
Assigner
Impacted products
Vendor Product Version
MariaDB MariaDB Affected: 10.4 , < 10.5.* (custom)
Affected: 10.6 , < 10.6.* (custom)
Affected: 10.7 , < 10.11.* (custom)
Affected: 11.0 , < 11.0.* (custom)
Affected: 11.1 , < 11.4.* (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52970",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-10T14:51:41.279300Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-12T15:30:48.105Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:28:54.835Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00006.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "MariaDB",
          "vendor": "MariaDB",
          "versions": [
            {
              "lessThan": "10.5.*",
              "status": "affected",
              "version": "10.4",
              "versionType": "custom"
            },
            {
              "lessThan": "10.6.*",
              "status": "affected",
              "version": "10.6",
              "versionType": "custom"
            },
            {
              "lessThan": "10.11.*",
              "status": "affected",
              "version": "10.7",
              "versionType": "custom"
            },
            {
              "lessThan": "11.0.*",
              "status": "affected",
              "version": "11.0",
              "versionType": "custom"
            },
            {
              "lessThan": "11.4.*",
              "status": "affected",
              "version": "11.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1038",
              "description": "CWE-1038 Insecure Automated Optimizations",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-09T21:51:34.624Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://jira.mariadb.org/browse/MDEV-32086"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-52970",
    "datePublished": "2025-03-08T00:00:00.000Z",
    "dateReserved": "2025-03-08T00:00:00.000Z",
    "dateUpdated": "2025-11-03T19:28:54.835Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52969 (GCVE-0-2023-52969)

Vulnerability from cvelistv5 – Published: 2025-03-08 00:00 – Updated: 2025-11-03 19:28
VLAI
Summary
MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1038 - Insecure Automated Optimizations
Assigner
Impacted products
Vendor Product Version
MariaDB MariaDB Affected: 10.4 , < 10.5.* (custom)
Affected: 10.6 , < 10.6.* (custom)
Affected: 10.7 , < 10.11.* (custom)
Affected: 11.0 , < 11.0.* (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52969",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-10T15:57:59.488189Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-10T15:58:06.577Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:28:53.463Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00006.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "MariaDB",
          "vendor": "MariaDB",
          "versions": [
            {
              "lessThan": "10.5.*",
              "status": "affected",
              "version": "10.4",
              "versionType": "custom"
            },
            {
              "lessThan": "10.6.*",
              "status": "affected",
              "version": "10.6",
              "versionType": "custom"
            },
            {
              "lessThan": "10.11.*",
              "status": "affected",
              "version": "10.7",
              "versionType": "custom"
            },
            {
              "lessThan": "11.0.*",
              "status": "affected",
              "version": "11.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1038",
              "description": "CWE-1038 Insecure Automated Optimizations",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-08T22:52:43.409Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://jira.mariadb.org/browse/MDEV-32083"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-52969",
    "datePublished": "2025-03-08T00:00:00.000Z",
    "dateReserved": "2025-03-08T00:00:00.000Z",
    "dateUpdated": "2025-11-03T19:28:53.463Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-31220 (GCVE-0-2022-31220)

Vulnerability from cvelistv5 – Published: 2022-09-12 18:35 – Updated: 2024-09-16 16:28
VLAI
Summary
Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures.
CWE
  • CWE-1038 - Insecure Automated Optimizations
Assigner
References
Impacted products
Vendor Product Version
Dell CPG BIOS Affected: unspecified , < 21Q4 platforms (custom)
Create a notification for this product.
Date Public
2022-08-05 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:11:39.887Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000202196"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "21Q4 platforms",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-08-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1038",
              "description": "CWE-1038: Insecure Automated Optimizations",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-12T18:35:17.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dell.com/support/kbdoc/000202196"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2022-08-05",
          "ID": "CVE-2022-31220",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CPG BIOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "21Q4 platforms"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dell BIOS versions contain an Unchecked Return Value vulnerability. A local authenticated administrator user could potentially exploit this vulnerability in order to change the state of the system or cause unexpected failures."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 3,
            "baseSeverity": "Low",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1038: Insecure Automated Optimizations"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dell.com/support/kbdoc/000202196",
              "refsource": "MISC",
              "url": "https://www.dell.com/support/kbdoc/000202196"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-31220",
    "datePublished": "2022-09-12T18:35:17.543Z",
    "dateReserved": "2022-05-19T00:00:00.000Z",
    "dateUpdated": "2024-09-16T16:28:32.072Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-26861 (GCVE-0-2022-26861)

Vulnerability from cvelistv5 – Published: 2022-09-06 20:15 – Updated: 2026-05-27 13:03
VLAI
Summary
Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1038 - Insecure Automated Optimizations
Assigner
References
Impacted products
Vendor Product Version
Dell CPG BIOS Affected: unspecified , < Gen7, Gen8, Gen9, Gen10, Gen11, 21Q1-Q4 (custom)
Create a notification for this product.
Date Public
2022-08-04 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:18:37.970Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/000202194"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-26861",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-11T17:56:14.298041Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-27T13:03:13.475Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CPG BIOS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "Gen7, Gen8, Gen9, Gen10, Gen11, 21Q1-Q4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-08-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.9,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1038",
              "description": "CWE-1038: Insecure Automated Optimizations",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-06T20:15:20.000Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dell.com/support/kbdoc/000202194"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2022-08-04",
          "ID": "CVE-2022-26861",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CPG BIOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "Gen7, Gen8, Gen9, Gen10, Gen11, 21Q1-Q4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 7.9,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1038: Insecure Automated Optimizations"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dell.com/support/kbdoc/000202194",
              "refsource": "MISC",
              "url": "https://www.dell.com/support/kbdoc/000202194"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-26861",
    "datePublished": "2022-09-06T20:15:20.148Z",
    "dateReserved": "2022-03-10T00:00:00.000Z",
    "dateUpdated": "2026-05-27T13:03:13.475Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

GHSA-3WWX-63FV-PFQ6

Vulnerability from github – Published: 2024-10-21 19:03 – Updated: 2024-10-21 21:41
VLAI
Summary
Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present
Details

Impact

A policy rule denying a prefix that is broader than /32 may be ignored if there is

  • A policy rule referencing a more narrow prefix (CIDRSet or toFQDN) and
  • This narrower policy rule specifies either enableDefaultDeny: false or - toEntities: all

Note that a rule specifying toEntities: world or toEntities: 0.0.0.0/0 is insufficient, it must be to entity all.

As an example, given the below policies, traffic is allowed to 1.1.1.2, when it should be denied:

apiVersion: cilium.io/v2
kind: CiliumClusterwideNetworkPolicy
metadata:
  name: block-scary-range
spec:
  endpointSelector: {}
  egressDeny:
  - toCIDRSet:
    - cidr: 1.0.0.0/8

---

apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: evade-deny
spec:
  endpointSelector: {}
  egress:
  - toCIDR:
    - 1.1.1.2/32
  - toEntities:
    - all

Patches

This issue affects:

  • Cilium v1.14 between v1.14.0 and v1.14.15 inclusive
  • Cilium v1.15 between v1.15.0 and v1.15.9 inclusive

This issue has been patched in:

  • Cilium v1.14.16
  • Cilium v1.15.10

Workarounds

Users with policies using enableDefaultDeny: false can work around this issue by removing this configuration option and explicitly defining any allow rules required.

No workaround is available to users with egress policies that explicitly specify toEntities: all.

Acknowledgements

The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @squeed, @christarazi, and @jrajahalme for their work in triaging and resolving this issue.

For more information

If you have any questions or comments about this advisory, please reach out on Slack.

If you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at security@cilium.io. This is a private mailing list for the Cilium security team, and your report will be treated with top priority.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.15.0"
            },
            {
              "fixed": "1.15.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/cilium/cilium"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.14.0"
            },
            {
              "fixed": "1.14.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-47825"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1038",
      "CWE-276"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-21T19:03:47Z",
    "nvd_published_at": "2024-10-21T19:15:03Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nA policy rule denying a prefix that is broader than /32 may be ignored if there is\n\n- A policy rule referencing a more narrow prefix (`CIDRSet` or `toFQDN`) **and**\n- This narrower policy rule specifies either `enableDefaultDeny: false` or `- toEntities: all`\n\nNote that a rule specifying `toEntities: world` or `toEntities: 0.0.0.0/0` is insufficient, it must be to entity `all`.\n\nAs an example, given the below policies, traffic is allowed to 1.1.1.2, when it should be denied:\n\n```\napiVersion: cilium.io/v2\nkind: CiliumClusterwideNetworkPolicy\nmetadata:\n  name: block-scary-range\nspec:\n  endpointSelector: {}\n  egressDeny:\n  - toCIDRSet:\n    - cidr: 1.0.0.0/8\n\n---\n\napiVersion: cilium.io/v2\nkind: CiliumNetworkPolicy\nmetadata:\n  name: evade-deny\nspec:\n  endpointSelector: {}\n  egress:\n  - toCIDR:\n    - 1.1.1.2/32\n  - toEntities:\n    - all\n```\n\n### Patches\n\nThis issue affects:\n\n- Cilium v1.14 between v1.14.0 and v1.14.15 inclusive\n- Cilium v1.15 between v1.15.0 and v1.15.9 inclusive\n\nThis issue has been patched in:\n\n- Cilium v1.14.16\n- Cilium v1.15.10\n\n### Workarounds\n\nUsers with policies using `enableDefaultDeny: false` can work around this issue by removing this configuration option and explicitly defining any allow rules required.\n\nNo workaround is available to users with egress policies that explicitly specify `toEntities: all`.\n\n### Acknowledgements\n\nThe Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to @squeed, @christarazi, and @jrajahalme for their work in triaging and resolving this issue.\n\n### For more information\n\nIf you have any questions or comments about this advisory, please reach out on [Slack](https://docs.cilium.io/en/latest/community/community/#slack).\n\nIf you think you have found a vulnerability affecting Cilium, we strongly encourage you to report it to our security mailing list at [security@cilium.io](mailto:security@cilium.io). This is a private mailing list for the Cilium security team, and your report will be treated with top priority.\n",
  "id": "GHSA-3wwx-63fv-pfq6",
  "modified": "2024-10-21T21:41:15Z",
  "published": "2024-10-21T19:03:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/security/advisories/GHSA-3wwx-63fv-pfq6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47825"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/commit/02d28d9ac9afcaddd301fae6fb4d6cda8c2d0c45"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cilium/cilium/commit/9c01afb5646af3f0c696421a410dc66c513b6524"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/cilium/cilium"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cilium\u0027s CIDR deny policies may not take effect when a more narrow CIDR allow is present"
}

GHSA-G8XG-6V3J-W97F

Vulnerability from github – Published: 2025-03-09 00:30 – Updated: 2025-11-03 21:33
VLAI
Details

MariaDB Server 10.4 through 10.5., 10.6 through 10.6., 10.7 through 10.11., 11.0 through 11.0., and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52970"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1038"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-08T23:15:14Z",
    "severity": "MODERATE"
  },
  "details": "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.",
  "id": "GHSA-g8xg-6v3j-w97f",
  "modified": "2025-11-03T21:33:09Z",
  "published": "2025-03-09T00:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52970"
    },
    {
      "type": "WEB",
      "url": "https://jira.mariadb.org/browse/MDEV-32086"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00006.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GX7H-6FR6-J29H

Vulnerability from github – Published: 2025-03-09 00:30 – Updated: 2025-11-03 21:33
VLAI
Details

MariaDB Server 10.4 through 10.5., 10.6 through 10.6., 10.7 through 10.11., and 11.0 through 11.0. can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52969"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1038"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-08T23:15:14Z",
    "severity": "MODERATE"
  },
  "details": "MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.",
  "id": "GHSA-gx7h-6fr6-j29h",
  "modified": "2025-11-03T21:33:08Z",
  "published": "2025-03-09T00:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52969"
    },
    {
      "type": "WEB",
      "url": "https://jira.mariadb.org/browse/MDEV-32083"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00006.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J57W-CC2H-3W6W

Vulnerability from github – Published: 2025-03-09 00:30 – Updated: 2025-03-09 00:30
VLAI
Details

MariaDB Server 10.10 through 10.11. and 11.0 through 11.4. crashes in JOIN::fix_all_splittings_in_plan.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52971"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1038"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-08T23:15:14Z",
    "severity": "MODERATE"
  },
  "details": "MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.",
  "id": "GHSA-j57w-cc2h-3w6w",
  "modified": "2025-03-09T00:30:52Z",
  "published": "2025-03-09T00:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52971"
    },
    {
      "type": "WEB",
      "url": "https://jira.mariadb.org/browse/MDEV-32084"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.