CVSS: 9.0EPSS: 0%CPEs: 60EXPL: 2CVE-2022-0435 – kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS
https://notcve.org/view.php?id=CVE-2022-0435
A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. Se ha encontrado un fallo de desbordamiento de pila en la funcionalidad del protocolo TIPC del kernel de Linux en la forma en que un usuario envía un paquete con contenido malicioso cuando el número de nodos miembros del dominio es superior a los 64 permitidos. Este fallo permite a un usuario remoto bloquear el sistema o posiblemente escalar sus privilegios si presenta acceso a la red TIPC A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. • https://github.com/wlswotmd/CVE-2022-0435 https://bugzilla.redhat.com/show_bug.cgi?id=2048738 https://security.netapp.com/advisory/ntap-20220602-0001 https://www.openwall.com/lists/oss-security/2022/02/10/1 https://access.redhat.com/security/cve/CVE-2022-0435 • CWE-787: Out-of-bounds Write •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 1CVE-2021-4115 – polkit: file descriptor leak allows an unprivileged user to cause a crash
https://notcve.org/view.php?id=CVE-2021-4115
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned Se presenta un fallo en polkit que puede permitir a un usuario no privilegiado causar un bloqueo de polkit, debido al agotamiento del descriptor de archivos del proceso. La mayor amenaza de esta vulnerabilidad es la disponibilidad. NOTA: La duración de la interrupción del proceso de polkit está ligada al proceso que falla y a la creación de uno nuevo There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. • http://packetstormsecurity.com/files/172849/polkit-File-Descriptor-Exhaustion.html https://access.redhat.com/security/cve/cve-2021-4115 https://gitlab.com/redhat/centos-stream/rpms/polkit/-/merge_requests/6/diffs?commit_id=bf900df04dc390d389e59aa10942b0f2b15c531e https://gitlab.freedesktop.org/polkit/polkit/-/issues/141 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGKWCBS6IDZYYDYM2WIWJM5BL7QQTWPF https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat • CWE-400: Uncontrolled Resource Consumption CWE-403: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-44141 – samba: Information leak via symlinks of existance of files or directories outside of the exported share
https://notcve.org/view.php?id=CVE-2021-44141
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed. Todas las versiones de Samba anteriores a 4.15.5, son vulnerables a que un cliente malicioso use un enlace simbólico del servidor para determinar si un archivo o directorio se presenta en un área del sistema de archivos del servidor no exportada bajo la definición de recurso compartido. SMB1 con extensiones unix debe estar habilitado para que este ataque tenga éxito A vulnerability was found in Samba due to an insecure link following. By querying a symlink inside the exported share using SMB1 with unix extensions turned on, an attacker can discover if a named or directory exists on the filesystem outside the exported share. • https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2021-44141.html https://access.redhat.com/security/cve/CVE-2021-44141 https://bugzilla.redhat.com/show_bug.cgi?id=2046120 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 7EXPL: 0CVE-2022-23645 – Out-of-bounds read in swtpm
https://notcve.org/view.php?id=CVE-2022-23645
swtpm is a libtpms-based TPM emulator with socket, character device, and Linux CUSE interface. Versions prior to 0.5.3, 0.6.2, and 0.7.1 are vulnerable to out-of-bounds read. A specially crafted header of swtpm's state, where the blobheader's hdrsize indicator has an invalid value, may cause an out-of-bounds access when the byte array representing the state of the TPM is accessed. This will likely crash swtpm or prevent it from starting since the state cannot be understood. Users should upgrade to swtpm v0.5.3, v0.6.2, or v0.7.1 to receive a patch. • https://github.com/stefanberger/swtpm/commit/9f740868fc36761de27df3935513bdebf8852d19 https://github.com/stefanberger/swtpm/releases/tag/v0.5.3 https://github.com/stefanberger/swtpm/releases/tag/v0.6.2 https://github.com/stefanberger/swtpm/releases/tag/v0.7.1 https://github.com/stefanberger/swtpm/security/advisories/GHSA-2qgm-8xf4-3hqw https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WL735FW266GO4C2JX4CJBOIOB7R7AY5A https://access.redhat.com/security/cve/CVE-2022-23645& • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2021-3657
https://notcve.org/view.php?id=CVE-2021-3657
A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for remote code execution. Se ha encontrado un fallo en mbsync versiones anteriores a 1.4.4. Debido al manejo inapropiado de literales IMAP extremadamente grandes ()=2GiB), los servidores IMAP maliciosos o comprometidos, e hipotéticamente incluso los remitentes de correo electrónico externos, podrían causar varios desbordamientos de búfer diferentes, que podrían ser explotados para una ejecución de código remota • https://bugzilla.redhat.com/show_bug.cgi?id=2028932 https://lists.debian.org/debian-lts-announce/2022/07/msg00001.html https://security.gentoo.org/glsa/202208-15 https://www.openwall.com/lists/oss-security/2021/12/03/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •