CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-20320
https://notcve.org/view.php?id=CVE-2021-20320
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem. Se encontró un fallo en s390 eBPF JIT en la función bpf_jit_insn en el archivo arch/s390/net/bpf_jit_comp.c en el kernel de Linux. En este fallo, un atacante local con privilegios de usuario especiales puede omitir el verificador y puede conllevar a un problema de confidencialidad • https://bugzilla.redhat.com/show_bug.cgi?id=2010090 https://lore.kernel.org/bpf/20210902185229.1840281-1-johan.almbladh%40anyfinetworks.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-0671
https://notcve.org/view.php?id=CVE-2022-0671
A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file. Se ha encontrado un fallo en vscode-xml en las versiones anteriores a 0.19.0. La descarga de esquemas podría conllevar a una vulnerabilidad de tipo SSRF ciego o un DoS por medio de un archivo grande • https://github.com/eclipse/lemminx/blob/master/CHANGELOG.md#0190-february-14-2022 https://github.com/redhat-developer/vscode-xml/blob/master/CHANGELOG.md#0190-february-14-2022 • CWE-400: Uncontrolled Resource Consumption CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 79EXPL: 0CVE-2022-0330 – kernel: possible privileges escalation due to missing TLB flush
https://notcve.org/view.php?id=CVE-2022-0330
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. Se ha encontrado un fallo de acceso aleatorio a la memoria en la funcionalidad del controlador del kernel de la GPU i915 de Linux en la forma en que un usuario puede ejecutar código malicioso en la GPU. Este fallo permite a un usuario local bloquear el sistema o escalar sus privilegios en el mismo A random memory access flaw was found in the Linux kernel’s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. • http://www.openwall.com/lists/oss-security/2022/11/30/1 https://bugzilla.redhat.com/show_bug.cgi?id=2042404 https://security.netapp.com/advisory/ntap-20220526-0001 https://www.openwall.com/lists/oss-security/2022/01/25/12 https://access.redhat.com/security/cve/CVE-2022-0330 • CWE-281: Improper Preservation of Permissions •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-4091 – 389-ds-base: double free of the virtual attribute context in persistent search
https://notcve.org/view.php?id=CVE-2021-4091
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash. Se ha encontrado una vulnerabilidad de doble liberación en la forma en que 389-ds-base maneja el contexto de los atributos virtuales en las búsquedas persistentes. Un atacante podría enviar una serie de peticiones de búsqueda, forzando al servidor a comportarse de forma inesperada, y bloquearse A double free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash. • https://bugzilla.redhat.com/show_bug.cgi?id=2030307 https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html https://access.redhat.com/security/cve/CVE-2021-4091 • CWE-415: Double Free •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-3948 – mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)
https://notcve.org/view.php?id=CVE-2021-3948
An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster. Se ha encontrado una vulnerabilidad de permisos por defecto incorrectos en el controlador mig. Debido a un manejo incorrecto de espacios de nombres del cluster, un atacante puede ser capaz de migrar una carga de trabajo maliciosa al cluster de destino, impactando la confidencialidad, integridad y disponibilidad de los servicios ubicados en ese cluster • https://bugzilla.redhat.com/show_bug.cgi?id=2022017 https://access.redhat.com/security/cve/CVE-2021-3948 • CWE-276: Incorrect Default Permissions •