CVSS: 7.8EPSS: 0%CPEs: 58EXPL: 0CVE-2023-3899 – Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration
https://notcve.org/view.php?id=CVE-2023-3899
23 Aug 2023 — A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary confi... • https://access.redhat.com/errata/RHSA-2023:4701 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2023-0494 – X.Org Server DeepCopyPointerClasses Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-0494
07 Feb 2023 — A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the abilit... • https://bugzilla.redhat.com/show_bug.cgi?id=2165995 • CWE-416: Use After Free •
CVSS: 9.0EPSS: 0%CPEs: 14EXPL: 2CVE-2022-4254 – sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
https://notcve.org/view.php?id=CVE-2022-4254
24 Jan 2023 — sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters A vulnerability was found in SSSD, in the libsss_certmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT authentication request to the corresponding principal. The mapping filter is vulnerable to LDAP filter injection. The search result can be i... • https://access.redhat.com/security/cve/CVE-2022-4254 • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •
CVSS: 8.8EPSS: 26%CPEs: 20EXPL: 2CVE-2022-1227 – psgo: Privilege escalation in 'podman top'
https://notcve.org/view.php?id=CVE-2022-1227
29 Apr 2022 — A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. Se ha encontrado un fallo de escalada de privilegios en Podman. • https://github.com/iridium-soda/CVE-2022-1227_Exploit • CWE-269: Improper Privilege Management CWE-281: Improper Preservation of Permissions •
CVSS: 7.8EPSS: 0%CPEs: 79EXPL: 0CVE-2022-0330 – kernel: possible privileges escalation due to missing TLB flush
https://notcve.org/view.php?id=CVE-2022-0330
18 Feb 2022 — A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. Se ha encontrado un fallo de acceso aleatorio a la memoria en la funcionalidad del controlador del kernel de la GPU i915 de Linux en la forma en que un usuario puede ejecutar código malicioso en la GPU. Este fallo permite a un usuario local bloquear el sistema o escal... • http://www.openwall.com/lists/oss-security/2022/11/30/1 • CWE-281: Improper Preservation of Permissions •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-4091 – 389-ds-base: double free of the virtual attribute context in persistent search
https://notcve.org/view.php?id=CVE-2021-4091
18 Feb 2022 — A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash. Se ha encontrado una vulnerabilidad de doble liberación en la forma en que 389-ds-base maneja el contexto de los atributos virtuales en las búsquedas persistentes. Un atacante podría enviar una serie de peticiones de búsqueda, forzando al servidor a comportarse de forma inesperada, y bloquearse A do... • https://bugzilla.redhat.com/show_bug.cgi?id=2030307 • CWE-415: Double Free •
CVSS: 9.9EPSS: 22%CPEs: 42EXPL: 3CVE-2021-44142 – Samba fruit_pwrite Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44142
01 Feb 2022 — The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. El módulo vfs_fruit de S... • https://github.com/horizon3ai/CVE-2021-44142 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 87%CPEs: 56EXPL: 170CVE-2021-4034 – Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
https://notcve.org/view.php?id=CVE-2021-4034
26 Jan 2022 — A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfull... • https://packetstorm.news/files/id/166196 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 43EXPL: 0CVE-2016-2124 – samba: SMB1 client connections can be downgraded to plaintext authentication
https://notcve.org/view.php?id=CVE-2016-2124
11 Nov 2021 — A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. Se ha encontrado un fallo en la forma en que Samba implementa la autenticación SMB1. Un atacante podría usar este fallo para recuperar la contraseña en texto plano enviada a través del cable, incluso si es requerida la autenticación Kerberos Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client... • https://bugzilla.redhat.com/show_bug.cgi?id=2019660 • CWE-287: Improper Authentication •
CVSS: 8.5EPSS: 0%CPEs: 44EXPL: 0CVE-2020-25717 – samba: Active Directory (AD) domain user could become root on domain members
https://notcve.org/view.php?id=CVE-2020-25717
11 Nov 2021 — A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. Se encontró un fallo en la forma en que Samba mapea usuarios del dominio a usuarios locales. Un atacante autenticado podría usar este fallo para causar una posible escalada de privilegios Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext... • https://bugzilla.redhat.com/show_bug.cgi?id=2019672 • CWE-20: Improper Input Validation •