CVSS: 7.8EPSS: 7%CPEs: 50EXPL: 8CVE-2022-0492 – kernel: cgroups v1 release_agent feature may allow privilege escalation
https://notcve.org/view.php?id=CVE-2022-0492
23 Feb 2022 — A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. Se ha encontrado una vulnerabilidad en la función cgroup_release_agent_write en el archivo kernel/cgroup/cgroup-v1.c del kernel de Linux. Este fallo, bajo determinadas circunstancias, permite el uso de la función cgroups v1 rel... • https://packetstorm.news/files/id/176099 • CWE-287: Improper Authentication CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 79EXPL: 0CVE-2022-0330 – kernel: possible privileges escalation due to missing TLB flush
https://notcve.org/view.php?id=CVE-2022-0330
18 Feb 2022 — A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. Se ha encontrado un fallo de acceso aleatorio a la memoria en la funcionalidad del controlador del kernel de la GPU i915 de Linux en la forma en que un usuario puede ejecutar código malicioso en la GPU. Este fallo permite a un usuario local bloquear el sistema o escal... • http://www.openwall.com/lists/oss-security/2022/11/30/1 • CWE-281: Improper Preservation of Permissions •
CVSS: 9.9EPSS: 22%CPEs: 42EXPL: 3CVE-2021-44142 – Samba fruit_pwrite Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44142
01 Feb 2022 — The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. El módulo vfs_fruit de S... • https://github.com/horizon3ai/CVE-2021-44142 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-3930 – QEMU: off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c
https://notcve.org/view.php?id=CVE-2021-3930
10 Dec 2021 — An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service condition. Se ha encontrado un error "off-by-one" en la emulación de dispositivos SCSI en QEMU. Podía ocurrir mientras eran procesados comandos MODE SELECT en mode_sense_page() si el argumento "page" era establecido... • https://bugzilla.redhat.com/show_bug.cgi?id=2020588 • CWE-193: Off-by-one Error •
CVSS: 6.8EPSS: 0%CPEs: 43EXPL: 0CVE-2016-2124 – samba: SMB1 client connections can be downgraded to plaintext authentication
https://notcve.org/view.php?id=CVE-2016-2124
11 Nov 2021 — A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. Se ha encontrado un fallo en la forma en que Samba implementa la autenticación SMB1. Un atacante podría usar este fallo para recuperar la contraseña en texto plano enviada a través del cable, incluso si es requerida la autenticación Kerberos Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client... • https://bugzilla.redhat.com/show_bug.cgi?id=2019660 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 32EXPL: 2CVE-2021-3744 – kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
https://notcve.org/view.php?id=CVE-2021-3744
11 Nov 2021 — A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. Se ha encontrado un fallo de pérdida de memoria en el kernel de Linux en la función ccp_run_aes_gcm_cmd() en el archivo drivers/crypto/ccp/ccp-ops.c, que permite a atacantes causar una denegación de servicio (consumo de memoria). Esta vulnerabilidad es simi... • http://www.openwall.com/lists/oss-security/2021/09/14/1 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.5EPSS: 0%CPEs: 44EXPL: 0CVE-2020-25717 – samba: Active Directory (AD) domain user could become root on domain members
https://notcve.org/view.php?id=CVE-2020-25717
11 Nov 2021 — A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. Se encontró un fallo en la forma en que Samba mapea usuarios del dominio a usuarios locales. Un atacante autenticado podría usar este fallo para causar una posible escalada de privilegios Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext... • https://bugzilla.redhat.com/show_bug.cgi?id=2019672 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 21EXPL: 0CVE-2021-3659 – kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c
https://notcve.org/view.php?id=CVE-2021-3659
10 Nov 2021 — A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo de desreferencia de puntero NULL en el subsistema de red inalámbrica IEEE versión 802.15.4 del kernel de Linux en la forma en que el usuario cierra la conexión LR-WPAN. Este fallo permite a un usuario local... • https://access.redhat.com/security/cve/CVE-2021-3659 • CWE-252: Unchecked Return Value CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-3620 – Ansible: ansible-connection module discloses sensitive info in traceback error message
https://notcve.org/view.php?id=CVE-2021-3620
15 Oct 2021 — A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. Se ha encontrado un fallo en el módulo ansible-connection de Ansible Engine, en el que información confidencial, como las credenciales de usuario de Ansible, es revelado por defecto en el mensaje de error de rastreo. La mayor amenaza de esta vulnerabilidad es l... • https://bugzilla.redhat.com/show_bug.cgi?id=1975767 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 76EXPL: 1CVE-2021-3656 – kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE)
https://notcve.org/view.php?id=CVE-2021-3656
09 Sep 2021 — A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "virt_ext" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the en... • https://github.com/rami08448/CVE-2021-3656-Demo • CWE-862: Missing Authorization •