Page 22 of 4202 results (0.005 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user. A flaw was found in cloud-init. When a system is configured through cloud-init and the "Set Passwords" module is used with "chpasswd" directive and "RANDOM", the randomly generated password for the relative user is written in clear-text in a file readable by any existing user of the system. The highest threat from this vulnerability is to data confidentiality and it may allow a local attacker to log in as another user. • https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d86e10668 https://access.redhat.com/security/cve/CVE-2021-3429 https://bugzilla.redhat.com/show_bug.cgi?id=1940967 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. Se descubrió que la implementación de eBPF en el kernel de Linux no rastreaba adecuadamente la información de límites para registros de 32 bits al realizar operaciones div y mod. Un atacante local podría usar esto para posiblemente ejecutar código arbitrario. A flaw was found in the Linux kernel’s eBPF verification code, where the eBPF 32-bit div/mod source register truncation could lead to out-of-bounds reads and writes. • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600 https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 https://ubuntu.com/security/notices/USN-5003-1 https://access.redhat.com/security/cve/CVE-2021-3600 https://bugzilla.redhat.com/show_bug.cgi?id=1981954 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 1

It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. Se ha detectado que la función process_report() en la ruta data/whoopsie-upload-all permitía la escritura arbitraria de archivos por medio de enlaces simbólicos • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •

CVSS: 3.8EPSS: 0%CPEs: 6EXPL: 0

It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call. Se ha detectado que la función get_modified_conffiles() en el archivo backends/packaging-apt-dpkg.py permitía inyectar nombres de paquetes modificados de forma que se confundía la llamada a dpkg(1) • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0

It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users. Se ha detectado que la función read_file() en el archivo apport/hookutils.py podría seguir enlaces simbólicos o abrir FIFOs. Cuando esta función es usada por el paquete xorg apport hooks, podría exponer datos privados a otros usuarios locales • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •