Page 26 of 1223 results (0.016 seconds)

CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-3981 – grub2: Incorrect permission in grub.cfg allow unprivileged user to read the file content

https://notcve.org/view.php?id=CVE-2021-3981

A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg. This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released. Se ha encontrado un fallo en grub2 en el que su archivo de configuración, conocido como grub.cfg, es creado con un conjunto de permisos erróneo que permite a usuarios no privilegiado leer su contenido. • http://www.openwall.com/lists/oss-security/2024/01/15/3 https://bugzilla.redhat.com/show_bug.cgi?id=2024170 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AI776L35DDYPCSAAJPJM3ZEQYSFZHBJX https://security.gentoo.org/glsa/202209-12 https://access.redhat.com/security/cve/CVE-2021-3981 • CWE-276: Incorrect Default Permissions •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1

CVE-2022-24737 – Exposure of Sensitive Information to an Unauthorized Actor in httpie

https://notcve.org/view.php?id=CVE-2022-24737

HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn‘t distinguish between cookies and hosts they belonged. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. • https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b https://github.com/httpie/httpie/releases/tag/3.1.0 https://github.com/httpie/httpie/security/advisories/GHSA-9w4w-cpc8-h2fq https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QZD2AZOL7XLNZVAV6GDNXYU6MFRU5RS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5VYSYKEKVZEVEBIWAADGDXG4Y3EWCQ3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org&#x • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0

CVE-2022-26490

https://notcve.org/view.php?id=CVE-2022-26490

st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. La función st21nfca_connectivity_event_received en el archivo drivers/nfc/st21nfca/se.c en el kernel de Linux hasta la versión 5.16.12, presenta desbordamientos de búfer EVT_TRANSACTION debido a parámetros de longitud no confiables • https://github.com/torvalds/linux/commit/4fbcc1a4cb20fe26ad0225679c536c80f1648221 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BG4J46EMFPDD5QHYXDUI3PJCZQ7HQAZR https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C5AUUDGSDLGYU7SZSK4PFAN22NISQZBT https://security.netapp.com/advisory/ntap-20220429-0004 https://www.debian.org/security/2022/dsa-5127 https://www.debian.org/security/20 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 1

CVE-2022-26495

https://notcve.org/view.php?id=CVE-2022-26495

In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO, NBD_OPT_GO, and NBD_OPT_EXPORT_NAME messages. En nbd-server en nbd versiones anteriores a 3.24, se presenta un desbordamiento de enteros con un desbordamiento de búfer en la región heap de la memoria resultante. Un valor de 0xffffff en el campo de longitud del nombre causará que se asigne un búfer de tamaño cero para el nombre, resultando en una escritura en un puntero colgante. • https://lists.debian.org/debian-lts-announce/2022/03/msg00014.html https://lists.debian.org/nbd/2022/01/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G2UPX62BIWOOHSACGUDB7E3O4URNN37F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZHR73XMAJTCFGKUZRXVTZKCK2X3IFNA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU5JFD4PEJED72TZLZ5R2Q2SFXICU5I5 https://security.gentoo.org/glsa/202402-10 • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1

CVE-2022-26496 – Shannon Baseband fmtp SDP Attribute Memory Corruption

https://notcve.org/view.php?id=CVE-2022-26496

In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name. En nbd-server en nbd versiones anteriores a 3.24, se presenta un desbordamiento del búfer en la región stack de la memoria. Un atacante puede causar un desbordamiento de búfer en el análisis del campo name enviando un mensaje NBD_OPT_INFO o NBD_OPT_GO diseñado con un valor grande como longitud del nombre Shannon Baseband suffers from a memory corruption vulnerability that occurs when the baseband modem processes SDP when setting up a call. When an fmtp attribute is parsed, the integer that represents the payload type is copied into an 8-byte buffer using memcpy with the length of payload type as the length parameter. • http://packetstormsecurity.com/files/172148/Shannon-Baseband-fmtp-SDP-Attribute-Memory-Corruption.html https://lists.debian.org/nbd/2022/01/msg00036.html https://lists.debian.org/nbd/2022/01/msg00037.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G2UPX62BIWOOHSACGUDB7E3O4URNN37F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZHR73XMAJTCFGKUZRXVTZKCK2X3IFNA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject • CWE-787: Out-of-bounds Write •