CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-0695 – Denial of Service in radareorg/radare2
https://notcve.org/view.php?id=CVE-2022-0695
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. Una Denegación de Servicio en el repositorio de GitHub radareorg/radare2 versiones anteriores a 5.6.4 • https://github.com/radareorg/radare2/commit/634b886e84a5c568d243e744becc6b3223e089cf https://huntr.dev/bounties/bdbddc0e-fb06-4211-a90b-7cbedcee2bea https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2019-25058 – usbguard: Fix unauthorized access via D-Bus
https://notcve.org/view.php?id=CVE-2019-25058
An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future. Se ha detectado un problema en USBGuard versiones anteriores a 1.1.0. En sistemas con el demonio usbguard-dbus en ejecución, un usuario no privilegiado podía hacer que USBGuard permitiera la conexión de todos los dispositivos USB en el futuro A flaw was found in usbguard. The vulnerability occurs due to the No default access control list(ACL) on some D-Bus methods and leads to unauthorized access. • https://github.com/USBGuard/usbguard/issues/273 https://github.com/USBGuard/usbguard/issues/403 https://github.com/USBGuard/usbguard/pull/531 https://lists.debian.org/debian-lts-announce/2022/04/msg00010.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B2ET6DU4IA64M6TMQ4X3SG2L6TRPLDN6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3HQVTHHJFQLSWSXA7W3ZHRF72YMPI46 https://lists.fedoraproject.org/archives/list/package-announce%40lis • CWE-863: Incorrect Authorization CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 1CVE-2022-0476 – Denial of Service in radareorg/radare2
https://notcve.org/view.php?id=CVE-2022-0476
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. Una Denegación de Servicio en el repositorio de GitHub radareorg/radare2 versiones anteriores a 5.6.4 • https://github.com/radareorg/radare2/commit/27fe8031782d3a06c3998eaa94354867864f9f1b https://huntr.dev/bounties/81ddfbda-6c9f-4b69-83ff-85b15141e35d https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZTIMAS53YT66FUS4QHQAFRJOBMUFG6D https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E6YBRQ3UCFWJVSOYIKPVUDASZ544TFND • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 9%CPEs: 50EXPL: 5CVE-2022-0492 – kernel: cgroups v1 release_agent feature may allow privilege escalation
https://notcve.org/view.php?id=CVE-2022-0492
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. Se ha encontrado una vulnerabilidad en la función cgroup_release_agent_write en el archivo kernel/cgroup/cgroup-v1.c del kernel de Linux. Este fallo, bajo determinadas circunstancias, permite el uso de la función cgroups v1 release_agent para escalar privilegios y saltarse el aislamiento del espacio de nombres de forma no esperada • https://github.com/chenaotian/CVE-2022-0492 https://github.com/SofianeHamlaoui/CVE-2022-0492-Checker https://github.com/yoeelingBin/CVE-2022-0492-Container-Escape https://github.com/T1erno/CVE-2022-0492-Docker-Breakout-Checker-and-PoC https://github.com/bb33bb/CVE-2022-0492 http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html http://packetstormsecurity.com/files/17 • CWE-287: Improper Authentication CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 0%CPEs: 60EXPL: 2CVE-2022-0435 – kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
https://notcve.org/view.php?id=CVE-2022-0435
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. Se ha encontrado un fallo de desbordamiento de pila en la funcionalidad del protocolo TIPC del kernel de Linux en la forma en que un usuario envía un paquete con contenido malicioso cuando el número de nodos miembros del dominio es superior a los 64 permitidos. Este fallo permite a un usuario remoto bloquear el sistema o posiblemente escalar sus privilegios si presenta acceso a la red TIPC A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. • https://github.com/wlswotmd/CVE-2022-0435 https://bugzilla.redhat.com/show_bug.cgi?id=2048738 https://security.netapp.com/advisory/ntap-20220602-0001 https://www.openwall.com/lists/oss-security/2022/02/10/1 https://access.redhat.com/security/cve/CVE-2022-0435 • CWE-787: Out-of-bounds Write •