CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 169CVE-2021-4034 – Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
https://notcve.org/view.php?id=CVE-2021-4034
26 Jan 2022 — A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfull... • https://packetstorm.news/files/id/166196 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-23858
https://notcve.org/view.php?id=CVE-2022-23858
24 Jan 2022 — A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2. Se ha encontrado un fallo en la API REST. Una llamada a la API REST mal gestionada podría permitir a cualquier usuario registrado elevar los privilegios hasta la cuenta del sistema. • https://www.starwindsoftware.com/security/sw-20220121-0001 •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2020-25704 – kernel: perf_event_parse_addr_filter memory
https://notcve.org/view.php?id=CVE-2020-25704
02 Dec 2020 — A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. Se encontró una perdida de memoria de fallo en el subsistema de monitoreo del rendimiento del kernel de Linux en el modo si se usaba PERF_EVENT_IOC_SET_FILTER. Un usuario local podría utilizar este fallo para privar los recursos causando una denegación de servicio A memory leak flaw was found ... • https://bugzilla.redhat.com/show_bug.cgi?id=1895961 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2019-20807 – vim: users can execute arbitrary OS commands via scripting interfaces in the rvim restricted mode
https://notcve.org/view.php?id=CVE-2019-20807
28 May 2020 — In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua). En Vim versiones anteriores a 8.1.0881, los usuarios pueden omitir el modo restringido rvim y ejecutar comandos arbitrarios de Sistema Operativo por medio de interfaces de scripting (por ejemplo, Python, Ruby o Lua). A flaw was found in vim in the restricted mode, where all commands that make use of external shells are disabled. However, it was found ... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00018.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •