CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 1CVE-2021-35937 – rpm: TOCTOU race in checks for unsafe symlinks
https://notcve.org/view.php?id=CVE-2021-35937
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró una vulnerabilidad de condición de carrera en rpm. Un usuario local no privilegiado podría usar este fallo para omitir las comprobaciones introducidas en respuesta a CVE-2017-7500 y CVE-2017-7501, obteniendo potencialmente privilegios de root. • https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://rpm.org/wiki/Releases/4.18.0 https://security.gentoo.org/glsa/202210-22 https://www.usenix.org/legacy/event/sec05/tech/full_papers/borisov/borisov.pdf • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 1CVE-2021-35938 – rpm: races with chown/chmod/capabilities calls during installation
https://notcve.org/view.php?id=CVE-2021-35938
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un problema de enlaces simbólicos en rpm. • https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://bugzilla.suse.com/show_bug.cgi?id=1157880 https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033 https://github.com/rpm-software-management/rpm/pull/1919 https://rpm.org/wiki/Releases/4.18.0 https://security.gentoo.org/glsa/202210-22 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 2CVE-2021-4217
https://notcve.org/view.php?id=CVE-2021-4217
A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. Se ha encontrado un fallo en unzip. La vulnerabilidad es producida debido a un manejo inapropiado de las cadenas Unicode, que puede conllevar a una desreferencia de puntero null. • https://access.redhat.com/security/cve/CVE-2021-4217 https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077 https://bugzilla.redhat.com/show_bug.cgi?id=2044583 • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3714
https://notcve.org/view.php?id=CVE-2021-3714
A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged. Se ha encontrado un fallo en el mecanismo de de duplicación de memoria del kernel de Linux. Trabajos anteriores han demostrado que la de duplicación de memoria puede ser atacada por medio de un mecanismo de explotación local. • https://access.redhat.com/security/cve/CVE-2021-3714 https://arxiv.org/abs/2111.08553 https://arxiv.org/pdf/2111.08553.pdf https://bugzilla.redhat.com/show_bug.cgi?id=1931327 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-2738 – podman: Security regression of CVE-2020-8945 due to source code management issue
https://notcve.org/view.php?id=CVE-2022-2738
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification. La versión de podman publicada para Red Hat Enterprise Linux 7 Extras por medio del aviso RHSA-2022:2190 incluía una versión incorrecta de podman que carecía de la corrección para CVE-2020-8945, que fue previamente corregida por medio de RHSA-2020:2117. Este problema podría usarse para bloquear o causar una posible ejecución de código en aplicaciones Go que usan la biblioteca envolvente Go GPGME, bajo determinadas condiciones, durante la verificación de la firma GPG • https://access.redhat.com/security/cve/CVE-2022-2738 https://bugzilla.redhat.com/show_bug.cgi?id=2116923 • CWE-416: Use After Free •