CVSS: 7.8EPSS: 0%CPEs: 79EXPL: 0CVE-2022-0330 – kernel: possible privileges escalation due to missing TLB flush
https://notcve.org/view.php?id=CVE-2022-0330
18 Feb 2022 — A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. Se ha encontrado un fallo de acceso aleatorio a la memoria en la funcionalidad del controlador del kernel de la GPU i915 de Linux en la forma en que un usuario puede ejecutar código malicioso en la GPU. Este fallo permite a un usuario local bloquear el sistema o escal... • http://www.openwall.com/lists/oss-security/2022/11/30/1 • CWE-281: Improper Preservation of Permissions •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-4091 – 389-ds-base: double free of the virtual attribute context in persistent search
https://notcve.org/view.php?id=CVE-2021-4091
18 Feb 2022 — A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash. Se ha encontrado una vulnerabilidad de doble liberación en la forma en que 389-ds-base maneja el contexto de los atributos virtuales en las búsquedas persistentes. Un atacante podría enviar una serie de peticiones de búsqueda, forzando al servidor a comportarse de forma inesperada, y bloquearse A do... • https://bugzilla.redhat.com/show_bug.cgi?id=2030307 • CWE-415: Double Free •
CVSS: 9.9EPSS: 22%CPEs: 42EXPL: 3CVE-2021-44142 – Samba fruit_pwrite Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44142
01 Feb 2022 — The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. El módulo vfs_fruit de S... • https://github.com/horizon3ai/CVE-2021-44142 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 87%CPEs: 56EXPL: 170CVE-2021-4034 – Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
https://notcve.org/view.php?id=CVE-2021-4034
26 Jan 2022 — A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfull... • https://packetstorm.news/files/id/166196 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 43EXPL: 0CVE-2016-2124 – samba: SMB1 client connections can be downgraded to plaintext authentication
https://notcve.org/view.php?id=CVE-2016-2124
11 Nov 2021 — A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. Se ha encontrado un fallo en la forma en que Samba implementa la autenticación SMB1. Un atacante podría usar este fallo para recuperar la contraseña en texto plano enviada a través del cable, incluso si es requerida la autenticación Kerberos Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client... • https://bugzilla.redhat.com/show_bug.cgi?id=2019660 • CWE-287: Improper Authentication •
CVSS: 8.5EPSS: 0%CPEs: 44EXPL: 0CVE-2020-25717 – samba: Active Directory (AD) domain user could become root on domain members
https://notcve.org/view.php?id=CVE-2020-25717
11 Nov 2021 — A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. Se encontró un fallo en la forma en que Samba mapea usuarios del dominio a usuarios locales. Un atacante autenticado podría usar este fallo para causar una posible escalada de privilegios Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext... • https://bugzilla.redhat.com/show_bug.cgi?id=2019672 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 33EXPL: 0CVE-2020-25719 – samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets
https://notcve.org/view.php?id=CVE-2020-25719
11 Nov 2021 — A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. Se encontró un fallo en la forma en que Samba, como controlador de dominio de Active Directory, implementaba la autenticación basada en nombres de Kerberos. El AD DC de Samba, pod... • https://bugzilla.redhat.com/show_bug.cgi?id=2019732 • CWE-287: Improper Authentication CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.8EPSS: 0%CPEs: 76EXPL: 1CVE-2021-3656 – kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE)
https://notcve.org/view.php?id=CVE-2021-3656
09 Sep 2021 — A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the en... • https://github.com/rami08448/CVE-2021-3656-Demo • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 87%CPEs: 260EXPL: 2CVE-2019-5544 – VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2019-5544
06 Dec 2019 — OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. OpenSLP, como es usado en ESXi y los dispositivos Horizon DaaS, presenta un problema de sobrescritura de la pila. VMware ha evaluado la gravedad de este problema para estar en el rango de gravedad Crítica con una puntuación base máxima CVSSv3 de 9.8. A heap overflow vulnerability was found in OpenSLP.... • https://github.com/HynekPetrak/CVE-2019-5544_CVE-2020-3992 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 13%CPEs: 41EXPL: 0CVE-2019-8720 – WebKitGTK Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2019-8720
08 Oct 2019 — A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The compliance-operator image updates are now available for OpenShift Container Platform 4.6. • https://bugzilla.redhat.com/show_bug.cgi?id=1876611 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •