Page 12 of 1332 results (0.031 seconds)

CVSS: 9.3EPSS: 0%CPEs: 13EXPL: 0

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se encontró un fallo en SSSD, donde el comando sssctl era vulnerable a la inyección de comandos de shell por medio de los subcomandos logs-fetch y cache-expire. Este fallo permite a un atacante engañar al usuario root para que ejecute un comando sssctl especialmente diseñado, por ejemplo por medio de sudo, para conseguir acceso de root. • https://bugzilla.redhat.com/show_bug.cgi?id=1975142 https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html https://sssd.io/release-notes/sssd-2.6.0.html https://access.redhat.com/security/cve/CVE-2021-3621 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.8EPSS: 0%CPEs: 35EXPL: 1

A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability. Se ha encontrado un fallo en la biblioteca c-ares, en la que una falta de comprobación de la comprobación de entrada de los nombres de host devueltos por los DNS (Servidores de Nombres de Dominio) puede conllevar a una salida de nombres de host erróneos, que podría conllevar potencialmente a un Secuestro de Dominios. La mayor amenaza de esta vulnerabilidad es para la confidencialidad e integridad, así como para la disponibilidad del sistema • https://bugzilla.redhat.com/show_bug.cgi?id=1988342 https://c-ares.haxx.se/adv_20210810.html https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://security.gentoo.org/glsa/202401-02 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2021-3672 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.0EPSS: 0%CPEs: 68EXPL: 1

.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. Se ha encontrado un fallo en el protocolo de red CAN BCM en el kernel de Linux, donde un atacante local puede abusar de un fallo en el subsistema CAN para corromper la memoria, bloquear el sistema o escalar privilegios. Esta condición de carrera en el archivo net/can/bcm.c en el kernel de Linux permite una escalada de privilegios local a root A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. • https://bugzilla.redhat.com/show_bug.cgi?id=1971651 https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md https://github.com/torvalds/linux/commit/d5f9023fa61ee8b94f37a93f08e94b136cf1e463 https://security.netapp.com/advisory/ntap-20220419-0004 https://www.openwall.com/lists/oss-security/2021/06/19/1 https://access.redhat.com/security/cve/CVE-2021-3609 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0

A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality. Se ha encontrado un fallo en el servidor PKI, donde el comando spkispawn, cuando es ejecutado en modo de depuración, almacena las credenciales de administrador en el archivo de registro de la instalación. Este fallo permite a un atacante local recuperar el archivo para obtener la contraseña de administrador y alcanzar privilegios de administrador en el administrador de Dogtag CA. • https://bugzilla.redhat.com/show_bug.cgi?id=1959971 https://access.redhat.com/security/cve/CVE-2021-3551 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 7.6EPSS: 0%CPEs: 20EXPL: 0

A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en grub2 en versiones anteriores a 2.06. • https://bugzilla.redhat.com/show_bug.cgi?id=1886936 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWZ36QK4IKU6MWDWNOOWKPH3WXZBHT2R https://security.gentoo.org/glsa/202104-05 https://security.netapp.com/advisory/ntap-20220325-0001 https://access.redhat.com/security/cve/CVE-2020-25647 • CWE-787: Out-of-bounds Write •