CVSS: 7.4EPSS: 0%CPEs: 14EXPL: 0CVE-2022-1729 – kernel: race condition in perf_event_open leads to privilege escalation
https://notcve.org/view.php?id=CVE-2022-1729
22 Jun 2022 — A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. Se ha encontrado una condición de carrera en el kernel de Linux en la función perf_event_open() que puede ser explotada por un usuario no privilegiado para conseguir privilegios de root. El bug permite construir varias primitivas de explotación como un filt... • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3ac6487e584a1eb54071dbe1212e05b884136704 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-366: Race Condition within a Thread •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2022-28390 – kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c
https://notcve.org/view.php?id=CVE-2022-28390
03 Apr 2022 — ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. La función ems_usb_start_xmit en el archivo drivers/net/can/usb/ems_usb.c en el kernel de Linux versiones hasta 5.17.1, presenta una doble liberación A double-free flaw was found in the Linux kernel in the ems_usb_start_xmit function. This flaw allows an attacker to create a memory leak and corrupt the underlying data structure by calling free more than once. It was discovered that the Linux kernel did ... • https://github.com/torvalds/linux/commit/c70222752228a62135cee3409dccefd494a24646 • CWE-415: Double Free •
CVSS: 7.4EPSS: 0%CPEs: 35EXPL: 0CVE-2021-20322 – kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies
https://notcve.org/view.php?id=CVE-2021-20322
03 Feb 2022 — A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Se encontró un fallo en el procesamiento de... • https://bugzilla.redhat.com/show_bug.cgi?id=2014230 • CWE-330: Use of Insufficiently Random Values •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 2CVE-2021-4154 – kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout
https://notcve.org/view.php?id=CVE-2021-4154
20 Jan 2022 — A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system. Se encontró un defecto de uso de memoria previamente liberada en la función cgroup1_parse_param en el archivo kernel/cgroup/cgroup-v1.c en el analizador cgroup v1 del kernel de Linux. Un atacante lo... • https://github.com/Markakd/CVE-2021-4154 • CWE-416: Use After Free •
CVSS: 8.1EPSS: 3%CPEs: 11EXPL: 2CVE-2021-46143 – expat: Integer overflow in doProlog in xmlparse.c
https://notcve.org/view.php?id=CVE-2021-46143
06 Jan 2022 — In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. En la función doProlog en el archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, se presenta un desbordamiento de enteros para m_groupSize. expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. ... • https://github.com/nanopathi/external_expat_AOSP10_r33_CVE-2021-46143 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.0EPSS: 0%CPEs: 12EXPL: 5CVE-2021-45960 – expat: Large number of prefixed XML attributes on a single tag can crash libexpat
https://notcve.org/view.php?id=CVE-2021-45960
01 Jan 2022 — In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). En Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, un desplazamiento a la izquierda por 29 (o más) lugares en la función storeAtts en el archivo xmlparse.c puede conllevar a un comportamiento incorrecto de reasignación (por ejemplo, asignar muy pocos bytes, o sólo liberar memoria). exp... • https://github.com/nanopathi/external_expat_AOSP10_r33_CVE-2021-45960 • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-682: Incorrect Calculation •
CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0CVE-2021-41864 – kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write
https://notcve.org/view.php?id=CVE-2021-41864
01 Oct 2021 — prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. prealloc_elems_and_freelist en kernel/bpf/stackmap.c en el kernel de Linux antes de la versión 5.14.12 permite a usuarios sin privilegios desencadenar un desbordamiento de enteros en la multiplicación de eBPF con una escritura fuera de los límites resultante. An out-of-bounds (OOB) memory write flaw was foun... • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.12 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 60EXPL: 2CVE-2021-22924 – curl: Bad connection reuse due to flawed path name checks
https://notcve.org/view.php?id=CVE-2021-22924
22 Jul 2021 — libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' whic... • https://github.com/Trinadh465/external_curl_AOSP10_r33_CVE-2021-22924 • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 5.3EPSS: 0%CPEs: 35EXPL: 1CVE-2021-22897
https://notcve.org/view.php?id=CVE-2021-22897
11 Jun 2021 — curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transpo... • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf • CWE-668: Exposure of Resource to Wrong Sphere CWE-840: Business Logic Errors •
CVSS: 7.8EPSS: 0%CPEs: 41EXPL: 2CVE-2019-25045
https://notcve.org/view.php?id=CVE-2019-25045
07 Jun 2021 — An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46. Se ha detectado un problema en el kernel de Linux versiones anteriores a 5.0.19. El subsistema XFRM presenta un uso de la memoria previamente liberada, relacionado con un pánico de la función xfrm_state_fini, también se conoce como CID-dbb2483b2a46 • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.19 • CWE-416: Use After Free •