CVE-2022-0851 – convert2rhel: Activation key passed via command line by code
https://notcve.org/view.php?id=CVE-2022-0851
There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized local users on the machine to view the activation key in the process command line, e.g. with htop or ps. The specific impact varies with the subscription, but generally this would allow an attacker to register systems purchased by the victim until discovered; a form of fraud. This could occur regardless of how the activation key is supplied to convert2rhel, because it involves how convert2rhel provides it to subscription-manager.
References: https://access.redhat.com/security/cve/CVE-2022-0851 https://bugzilla.redhat.com/show_bug.cgi?id=2060217
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2022-2132 – dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs
https://notcve.org/view.php?id=CVE-2022-2132
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service by sending a crafted Vhost header to DPDK.
References: https://bugs.dpdk.org/show_bug.cgi?id=1031 https://bugzilla.redhat.com/show_bug.cgi?id=2099475 https://lists.debian.org/debian-lts-announce/2022/09/msg00000.html https://access.redhat.com/security/cve/CVE-2022-2132
CWE-770: Allocation of Resources Without Limits or Throttling; CWE-791: Incomplete Filtering of Special Elements
CVE-2021-3864
https://notcve.org/view.php?id=CVE-2021-3864
A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed their descendants. The prerequisite is a SUID binary that sets the real UID equal to the effective UID, and the real GID equal to the effective GID. The descendant will then have its dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with an eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.
References: https://access.redhat.com/security/cve/CVE-2021-3864 https://bugzilla.redhat.com/show_bug.cgi?id=2015046 https://lore.kernel.org/all/20211221021744.864115-1-longman%40redhat.com https://lore.kernel.org/all/20211226150310.GA992%401wt.eu https://lore.kernel.org/lkml/20211228170910.623156-1-wander%40redhat.com https://security-tracker.debian.org/tracker/CVE-2021-3864 https://www.openwall.com/lists/oss-security/2021/10/20/2
CWE-284: Improper Access Control
CVE-2022-34303 – shim: 3rd party shim allows secure boot bypass
https://notcve.org/view.php?id=CVE-2022-34303
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
References: https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html https://www.kb.cert.org/vuls/id/309662 https://access.redhat.com/security/cve/CVE-2022-34303 https://bugzilla.redhat.com/show_bug.cgi?id=2120701
CWE-494: Download of Code Without Integrity Check
CVE-2022-34301 – shim: 3rd party shim allows secure boot bypass
https://notcve.org/view.php?id=CVE-2022-34301
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
References: https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01001.html https://www.kb.cert.org/vuls/id/309662 https://access.redhat.com/security/cve/CVE-2022-34301 https://bugzilla.redhat.com/show_bug.cgi?id=2120699
CWE-494: Download of Code Without Integrity Check