CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-20194 – kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt()
https://notcve.org/view.php?id=CVE-2021-20194
There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. Se presenta una vulnerabilidad en el kernel de Linux versiones superiores a 5.2 (si el kernel compilado con los parámetros config CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY no se establece y el hook BPF a getsockopt está registrado). Como resultado de la ejecución de BPF, el usuario local puede desencadenar un error en la función __cgroup_bpf_run_filter_getsockopt() que puede conllevar a un desbordamiento de la pila (debido a una copia de usuario no reforzada). • https://bugzilla.redhat.com/show_bug.cgi?id=1912683 https://security.netapp.com/advisory/ntap-20210326-0003 https://access.redhat.com/security/cve/CVE-2021-20194 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-20229
https://notcve.org/view.php?id=CVE-2021-20229
A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality. Se ha encontrado un fallo en PostgreSQL en las versiones anteriores a la 13.2. Este fallo permite a un usuario con privilegio SELECT en una columna elaborar una consulta especial que devuelva todas las columnas de la tabla. • https://bugzilla.redhat.com/show_bug.cgi?id=1925296 https://security.gentoo.org/glsa/202105-32 https://security.netapp.com/advisory/ntap-20210326-0005 • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-35518 – 389-ds-base: information disclosure during the binding of a DN
https://notcve.org/view.php?id=CVE-2020-35518
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. This can be used by an unauthenticated attacker to check the existence of an entry in the LDAP database. Cuando se vincula con un DN durante la autenticación, la respuesta de 389-ds-base será diferente si el DN se presenta o no. Esto puede ser usado por un atacante no autenticado para comprobar la existencia de una entrada en la base de datos de LDAP. • https://bugzilla.redhat.com/show_bug.cgi?id=1905565 https://github.com/389ds/389-ds-base/commit/b6aae4d8e7c8a6ddd21646f94fef1bf7f22c3f32 https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc https://github.com/389ds/389-ds-base/issues/4480 https://access.redhat.com/security/cve/CVE-2020-35518 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3393 – postgresql: Partition constraint violation errors leak values of denied columns
https://notcve.org/view.php?id=CVE-2021-3393
An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. A user having UPDATE permission but not SELECT permission to a particular column could craft queries which, under some circumstances, might disclose values from that column in error messages. An attacker could use this flaw to obtain information stored in a column they are allowed to write but not read. Se detectó un filtrado de información en postgresql en versiones anteriores a 13.2, versiones anteriores a 12.6 y versiones anteriores a 11.11. Un usuario que tenga el permiso UPDATE pero no el permiso SELECT para una columna en particular podría diseñar consultas que, en algunas circunstancias, podrían divulgar valores de esa columna en mensajes de error. • https://bugzilla.redhat.com/show_bug.cgi?id=1924005 https://security.gentoo.org/glsa/202105-32 https://security.netapp.com/advisory/ntap-20210507-0006 https://access.redhat.com/security/cve/CVE-2021-3393 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20188 – podman: container users permissions are not respected in privileged containers
https://notcve.org/view.php?id=CVE-2021-20188
A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://bugzilla.redhat.com/show_bug.cgi?id=1915734 https://access.redhat.com/security/cve/CVE-2021-20188 • CWE-863: Incorrect Authorization •