CVSS: 8.5EPSS: 0%CPEs: 21EXPL: 0CVE-2024-1135 – HTTP Request Smuggling in benoitc/gunicorn
https://notcve.org/view.php?id=CVE-2024-1135
16 Apr 2024 — Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerabilit... • https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 8.6EPSS: 0%CPEs: 28EXPL: 0CVE-2024-1753 – Buildah: full container escape at build time
https://notcve.org/view.php?id=CVE-2024-1753
18 Mar 2024 — A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time. Se encontró una fa... • https://access.redhat.com/errata/RHSA-2024:2049 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-27099 – Azure IoT Platform Device SDK Double Free Vulnerability
https://notcve.org/view.php?id=CVE-2024-27099
27 Feb 2024 — The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect `AMQP_VALUE` failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987. uAMQP es una librería C para la comunicación de AMQP 1.0 con Azure Cloud Services. Al procesar un estado fallido `AMQP_VALUE` incorrecto, puede causar un problema de doble liberación. • https://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987 • CWE-415: Double Free •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2024-25110 – Azure IoT Platform Device SDK Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-25110
12 Feb 2024 — The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability. UAMQP es una librería C de uso general para AMQP 1.0. • https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.7EPSS: 0%CPEs: 31EXPL: 0CVE-2022-21505 – kernel: lockdown bypass using IMA
https://notcve.org/view.php?id=CVE-2022-21505
20 Apr 2023 — In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). An authentication bypass flaw ... • https://git.kernel.org/linus/543ce63b664e2c2f9533d089a4664b559c3e6b5b • CWE-305: Authentication Bypass by Primary Weakness CWE-346: Origin Validation Error •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2021-34981 – Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-34981
21 Oct 2021 — Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CMTP module. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. • https://www.zerodayinitiative.com/advisories/ZDI-21-1223 • CWE-415: Double Free •