CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3660 – cockpit: pages vulnerable to clickjacking
https://notcve.org/view.php?id=CVE-2021-3660
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks. Cockpit (y sus plugins) no parecen protegerse contra un ataque de clickjacking. Es posible renderizar una página de un servidor de Cockpit por medio de otro sitio web, dentro de una entrada HTML (iFrame). • https://bugzilla.redhat.com/show_bug.cgi?id=1980688 https://github.com/cockpit-project/cockpit/commit/8d9bc10d8128aae03dfde62fd00075fe492ead10 https://github.com/cockpit-project/cockpit/issues/16122 https://access.redhat.com/security/cve/CVE-2021-3660 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.8EPSS: 12%CPEs: 59EXPL: 31CVE-2022-0847 – Linux Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. Se ha encontrado un fallo en la forma en que el miembro "flags" de la estructura del nuevo búfer de la tubería carecía de la inicialización apropiada en las funciones copy_page_to_iter_pipe y push_pipe en el kernel de Linux y, por tanto, podía contener valores obsoletos. Un usuario local no privilegiado podía usar este fallo para escribir en páginas de la caché de páginas respaldadas por archivos de sólo lectura y así escalar sus privilegios en el sistema Linux versions 4.20 and above have an issue where ktls writes into spliced readonly pages. Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. • https://www.exploit-db.com/exploits/50808 https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits https://github.com/r1is/CVE-2022-0847 https://github.com/bbaranoff/CVE-2022-0847 https://github.com/Al1ex/CVE-2022-0847 https://github.com/antx-code/CVE-2022-0847 https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker https://github.com/knqyf263/CVE-2022-0847 https://github.com/chenaotian/CVE-2022- • CWE-665: Improper Initialization CWE-909: Missing Initialization of Resource •
CVSS: 9.8EPSS: 11%CPEs: 3EXPL: 1CVE-2021-3762 – quay/claircore: directory traversal when scanning crafted container image layer allows for arbitrary file write
https://notcve.org/view.php?id=CVE-2021-3762
A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution. Se ha encontrado una vulnerabilidad de salto de directorio en el motor ClairCore de Clair. Un atacante puede explotar esto al suministrar una imagen de contenedor diseñada que, cuando es escaneada por Clair, permite una escritura de archivos arbitrarios en el sistema de archivos, permitiendo potencialmente una ejecución de código remota • https://bugzilla.redhat.com/show_bug.cgi?id=2000795 https://github.com/quay/clair/pull/1379 https://github.com/quay/clair/pull/1380 https://github.com/quay/claircore/commit/691f2023a1720a0579e688b69a2f4bfe1f4b7821 https://github.com/quay/claircore/pull/478 https://vulmon.com/exploitdetails?qidtp=maillist_oss_security&qid=d19fce9ede06e13dfb5630ece7f14f83 https://access.redhat.com/security/cve/CVE-2021-3762 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3623
https://notcve.org/view.php?id=CVE-2021-3623
A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets containing illegal values and may lead to an out-of-bounds access when the volatile state of the TPM 2 is marshalled/written or unmarshalled/read. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en libtpms. El fallo puede ser desencadenado por paquetes de comandos TPM 2 especialmente diseñados que contengan valores ilegales y puede conllevar a un acceso fuera de límites cuando el estado volátil del TPM 2 es marshalled/written o unmarshalled/read. • https://bugzilla.redhat.com/show_bug.cgi?id=1976806 https://github.com/stefanberger/libtpms/commit/2e6173c https://github.com/stefanberger/libtpms/commit/2f30d62 https://github.com/stefanberger/libtpms/commit/7981d9a https://github.com/stefanberger/libtpms/pull/223 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7KZSYMTE7Z4BBEZUWO2DIMQDWMGEP46 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 17%CPEs: 8EXPL: 0CVE-2022-0711 – haproxy: Denial of service via set-cookie2 header
https://notcve.org/view.php?id=CVE-2022-0711
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. Se ha encontrado un fallo en la forma en que HAProxy procesa las respuestas HTTP que contienen el encabezado "Set-Cookie2". Este fallo podría permitir a un atacante enviar paquetes de respuesta HTTP diseñados que conllevaran a un bucle infinito, resultando eventualmente en una situación de denegación de servicio. • https://access.redhat.com/security/cve/cve-2022-0711 https://github.com/haproxy/haproxy/commit/bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8 https://www.debian.org/security/2022/dsa-5102 https://www.mail-archive.com/haproxy%40formilux.org/msg41833.html https://access.redhat.com/security/cve/CVE-2022-0711 https://bugzilla.redhat.com/show_bug.cgi?id=2053666 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •