CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-42779 – Gentoo Linux Security Advisory 202209-03
https://notcve.org/view.php?id=CVE-2021-42779
18 Apr 2022 — A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. Se encontró un problema de uso de memoria previamente liberada de la pila en Opensc versiones anteriores a 0.22.0, en la función sc_file_valid Multiple vulnerabilities have been discovered in OpenSC, the worst of which could result in the execution of arbitrary code. Versions less than 0.22.0 are affected. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-1304 – e2fsprogs: out-of-bounds read/write via crafted filesystem
https://notcve.org/view.php?id=CVE-2022-1304
14 Apr 2022 — An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. Se ha encontrado una vulnerabilidad de lectura/escritura fuera de límites en e2fsprogs versión 1.46.5. Este problema conlleva a un fallo de segmentación y posiblemente una ejecución de código arbitrario por medio de un sistema de archivos especialmente diseñado An out-of-bounds read/write vulnerability was found in e2fspro... • https://bugzilla.redhat.com/show_bug.cgi?id=2069726 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0CVE-2021-3979 – ceph: Ceph volume does not honour osd_dmcrypt_key_size
https://notcve.org/view.php?id=CVE-2021-3979
05 Apr 2022 — A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks. Se ha encontrado un fallo de longitud de clave en Red Hat Ceph Storage. Un atacante puede explotar el hecho de que la longitud de la clave se pasa incorrectamente en un algoritmo de cifrado para crear una clave no aleatoria, que e... • https://access.redhat.com/security/cve/CVE-2021-3979 • CWE-287: Improper Authentication CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-27651 – buildah: Default inheritable capabilities for linux container should be empty
https://notcve.org/view.php?id=CVE-2022-27651
04 Apr 2022 — A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity. Se ha encontrado un fallo en buildah por el que los c... • https://bugzilla.redhat.com/show_bug.cgi?id=2066840 • CWE-276: Incorrect Default Permissions •
CVSS: 3.6EPSS: 0%CPEs: 3EXPL: 0CVE-2020-35501
https://notcve.org/view.php?id=CVE-2020-35501
30 Mar 2022 — A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem Se ha encontrado un fallo en la implementación de reglas de auditoría en los kernels de Linux, donde una llamada al sistema puede no ser registrada correctamente por el subsistema de auditoría • https://bugzilla.redhat.com/show_bug.cgi?id=1908577 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-27191 – golang: crash in a golang.org/x/crypto/ssh server
https://notcve.org/view.php?id=CVE-2022-27191
18 Mar 2022 — The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. El paquete golang.org/x/crypto/ssh anterior a 0.0.0-20220314234659-1baeb1ce4c0b para Go permite a un atacante bloquear un servidor en ciertas circunstancias que implican AddHostKey A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject ... • https://groups.google.com/g/golang-announce • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.8EPSS: 0%CPEs: 54EXPL: 3CVE-2022-1011 – kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes
https://notcve.org/view.php?id=CVE-2022-1011
18 Mar 2022 — A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. Se ha encontrado un fallo de uso después de libre en el sistema de archivos FUSE del kernel de Linux en la forma en que un usuario activa write(). Este defecto permite a un usuario local obtener acceso no autorizado a los datos del sistema de archivos FUSE, lo que resulta en una... • https://packetstorm.news/files/id/166772 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 14%CPEs: 8EXPL: 0CVE-2022-0711 – haproxy: Denial of service via set-cookie2 header
https://notcve.org/view.php?id=CVE-2022-0711
02 Mar 2022 — A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. Se ha encontrado un fallo en la forma en que HAProxy procesa las respuestas HTTP que contienen el encabezado "Set-Cookie2". Este fallo podría permitir a un atacante enviar paquetes de respuesta H... • https://access.redhat.com/security/cve/cve-2022-0711 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3700 – Ubuntu Security Notice USN-5784-1
https://notcve.org/view.php?id=CVE-2021-3700
24 Feb 2022 — A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination. Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en usbredir en versiones anteriores a 0.11.0, en la función usbredirparser_serialize() en el archivo usbredirparser/usbredirparser.c. Este problema es producido cuando ... • https://bugzilla.redhat.com/show_bug.cgi?id=1992830 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-20320
https://notcve.org/view.php?id=CVE-2021-20320
18 Feb 2022 — A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem. Se encontró un fallo en s390 eBPF JIT en la función bpf_jit_insn en el archivo arch/s390/net/bpf_jit_comp.c en el kernel de Linux. En este fallo, un atacante local con privilegios de usuario especiales puede omitir el verificador y puede conllevar a un problema de confidencialid... • https://bugzilla.redhat.com/show_bug.cgi?id=2010090 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •