CVE-2021-3930 – QEMU: off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c
https://notcve.org/view.php?id=CVE-2021-3930
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. Se ha encontrado un error "off-by-one" en la emulación de dispositivos SCSI en QEMU. Podía ocurrir mientras eran procesados comandos MODE SELECT en mode_sense_page() si el argumento "page" era establecido como MODE_PAGE_ALLS (0x3f). • https://bugzilla.redhat.com/show_bug.cgi?id=2020588 https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20220225-0007 https://access.redhat.com/security/cve/CVE-2021-3930 • CWE-193: Off-by-one Error •
CVE-2016-2124 – samba: SMB1 client connections can be downgraded to plaintext authentication
https://notcve.org/view.php?id=CVE-2016-2124
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. Se ha encontrado un fallo en la forma en que Samba implementa la autenticación SMB1. Un atacante podría usar este fallo para recuperar la contraseña en texto plano enviada a través del cable, incluso si es requerida la autenticación Kerberos • https://bugzilla.redhat.com/show_bug.cgi?id=2019660 https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2016-2124.html https://access.redhat.com/security/cve/CVE-2016-2124 • CWE-287: Improper Authentication •
CVE-2020-25717 – samba: Active Directory (AD) domain user could become root on domain members
https://notcve.org/view.php?id=CVE-2020-25717
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. Se encontró un fallo en la forma en que Samba mapea usuarios del dominio a usuarios locales. Un atacante autenticado podría usar este fallo para causar una posible escalada de privilegios • https://bugzilla.redhat.com/show_bug.cgi?id=2019672 https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2020-25717.html https://access.redhat.com/security/cve/CVE-2020-25717 • CWE-20: Improper Input Validation •
CVE-2021-3620 – Ansible: ansible-connection module discloses sensitive info in traceback error message
https://notcve.org/view.php?id=CVE-2021-3620
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. Se ha encontrado un fallo en el módulo ansible-connection de Ansible Engine, en el que información confidencial, como las credenciales de usuario de Ansible, es revelado por defecto en el mensaje de error de rastreo. La mayor amenaza de esta vulnerabilidad es la confidencialidad • https://bugzilla.redhat.com/show_bug.cgi?id=1975767 https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0 https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html https://access.redhat.com/security/cve/CVE-2021-3620 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2021-3656 – kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE)
https://notcve.org/view.php?id=CVE-2021-3656
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. Se ha encontrado un fallo en el código AMD de KVM para soportar la virtualización anidada SVM. • https://github.com/rami08448/CVE-2021-3656-Demo https://bugzilla.redhat.com/show_bug.cgi?id=1983988 https://git.kernel.org/pub/scm/virt/kvm/kvm.git/commit/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc https://github.com/torvalds/linux/commit/c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc https://www.openwall.com/lists/oss-security/2021/08/16/1 https://access.redhat.com/security/cve/CVE-2021-3656 • CWE-862: Missing Authorization •