CVSS: 9.9EPSS: 18%CPEs: 42EXPL: 3CVE-2021-44142 – Samba fruit_pwrite Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44142
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. El módulo vfs_fruit de Samba usa atributos de archivo extendidos (EA, xattr) para proporcionar "...compatibilidad mejorada con los clientes SMB de Apple e interoperabilidad con un servidor de archivos AFP de Netatalk 3". Samba versiones anteriores a 4.13.17, 4.14.12 y 4.15.5 con vfs_fruit configurado permiten una lectura y escritura fuera de límites de la pila por medio de atributos de archivo extendidos especialmente diseñados. • https://github.com/horizon3ai/CVE-2021-44142 https://github.com/gudyrmik/CVE-2021-44142 https://github.com/hrsman/Samba-CVE-2021-44142 https://bugzilla.samba.org/show_bug.cgi?id=14914 https://kb.cert.org/vuls/id/119678 https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2021-44142.html https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin https://access.redhat&# • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-10751 – kernel: SELinux netlink permission check bypass
https://notcve.org/view.php?id=CVE-2020-10751
A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. Se detectó un fallo en la implementación del enlace SELinux LSM de kernels de Linux versiones anteriores a 5.7, donde se asumía incorrectamente que un skb solo contendría un único mensaje netlink. El enlace incorrectamente solo comprobaría el primer mensaje netlink en el skb y permitiría o denegaría el resto de los mensajes dentro del skb con el permiso otorgado sin procesamiento adicional. A flaw was found in the Linux kernel’s SELinux LSM hook implementation, where it anticipated the skb would only contain a single Netlink message. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00008.html http://www.openwall.com/lists/oss-security/2020/05/27/3 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10751 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ffaaf57a7c42f35424d9aece1a5af6 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce • CWE-345: Insufficient Verification of Data Authenticity CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •
CVSS: 8.8EPSS: 0%CPEs: 757EXPL: 0CVE-2019-0155 – hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write
https://notcve.org/view.php?id=CVE-2019-0155
Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access. Un control de acceso insuficiente en un subsistema para Intel® processor graphics en 6th, 7th, 8th and 9th Generation Intel® Core(TM) Processor Families; Intel® Pentium® Processor J, N, Silver y Gold Series; Intel® Celeron® Processor J, N, G3900 y G4900 Series; Intel® Atom® Processor A y E3900 Series; Intel® Xeon® Processor E3-1500 v5 y v6, E-2100 y E-2200 Processor Families; Intel® Graphics Driver para versiones de Windows anteriores a 26.20.100.6813 (DCH) o 26.20.100.6812 y versiones anteriores a 21.20.x.5077 (también se conoce como 15.45.5077), i915 Linux Driver para Intel® Processor Graphics versiones anteriores a 5.4-rc7, 5.3. 11, 4.19.84, 4.14.154, 4.9.201, 4.4.201, puede habilitar a un usuario autenticado para permitir potencialmente una escalada de privilegios por medio de un acceso local. A flaw was found in the Intel graphics hardware (GPU), where a local attacker with the ability to issue commands to the GPU could inadvertently lead to memory corruption and possible privilege escalation. The attacker could use the GPU blitter to perform privilege MMIO operations, not limited to the address space required to function correctly. • http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html https://access.redhat.com/errata/RHSA-2019:3841 https://access.redhat.com/errata/RHSA-2019:3887 https://access.redhat.com/errata/RHSA-2019:3889 https://access.redhat.com/errata/RHSA-2019:3908 https://access.redhat.com/errata/RHSA-2020:0204 https://seclists.org/bugtraq/2019/Nov/26 https://security.netapp.com/advisory/ntap-20200320-0005 https://support.f5.com/csp/article/K73659122 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-0205 – thrift: Endless loop when feed with specific input data
https://notcve.org/view.php?id=CVE-2019-0205
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings. En Apache Thrift, todas las versiones hasta 0.12.0 incluyéndola, un servidor o cliente pueden correr en un bucle sin fin cuando es alimentado con datos de entrada específicos. Debido a que el problema ya se había solucionado parcialmente en la versión 0.11.0, dependiendo de la versión instalada, solo afecta a determinados enlaces de idiomas. • http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E https://access.redhat.com/errata/RHSA-2020:0804 https://access.redhat.com/errata/RHSA-2020:0805 https://access.redhat.com/errata/RHSA-2020:0806 https://access.redhat.com/errata/RHSA-2020:0811 https://lists.apache.org/thread.html/003ac686189e6ce7b99267784d04bf60059a8c323eeda5a79a0309b8%40%3Ccommits.cassandra.apache.org%3E https://lists.apache.org/thread.html/07bd68ad237a5d • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-0210 – thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
https://notcve.org/view.php?id=CVE-2019-0210
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data. En Apache Thrift versiones 0.9.3 hasta 0.12.0, un servidor implementado en Go usando TJSONProtocol o TSimpleJSONProtocol puede entrar en pánico cuando es alimentado con datos de entrada no válidos. • http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E https://access.redhat.com/errata/RHSA-2020:0804 https://access.redhat.com/errata/RHSA-2020:0805 https://access.redhat.com/errata/RHSA-2020:0806 https://access.redhat.com/errata/RHSA-2020:0811 https://lists.apache.org/thread.html/r2832722c31d78bef7526e2c701ba4b046736e4c851473194a247392f%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9%40%3Ccommits&# • CWE-125: Out-of-bounds Read •