Page 28 of 400 results (0.013 seconds)

CVSS: 7.8EPSS: 0%CPEs: 43EXPL: 22

CVE-2019-13272 – Linux Kernel Improper Privilege Management Vulnerability

https://notcve.org/view.php?id=CVE-2019-13272

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. En el kernel de Linux anterior a versión 5.1.17, ptrace_link en el archivo kernel/ptrace.c maneja inapropiadamente la grabación de las credenciales de un proceso que desea crear una relación de ptrace, que permite a los usuarios locales obtener acceso de root aprovechando determinados escenarios con un relación de proceso padre-hijo, donde un padre elimina los privilegios y llama a execve (permitiendo potencialmente el control por parte de un atacante). • https://www.exploit-db.com/exploits/47133 https://www.exploit-db.com/exploits/47163 https://www.exploit-db.com/exploits/50541 https://www.exploit-db.com/exploits/47543 https://github.com/jas502n/CVE-2019-13272 https://github.com/Cyc1eC/CVE-2019-13272 https://github.com/oneoy/CVE-2019-13272 https://github.com/polosec/CVE-2019-13272 https://github.com/MDS1GNAL/ptrace_scope-CVE-2019-13272-privilege-escalation https://github.com/datntsec/CVE-2019-13272 https://github • CWE-271: Privilege Dropping / Lowering Errors •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2019-10191

https://notcve.org/view.php?id=CVE-2019-10191

A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol. Se detectó una vulnerabilidad en la resolución de DNS de knot resolver anteriores a la versión 4.1.0, que permite a los atacantes remotos degradar los dominios seguros de DNSSEC a un estado no seguro de DNSSEC, abriendo la posibilidad de un secuestro de dominio mediante el uso de ataques contra el protocolo DNS no seguro. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10191 https://lists.debian.org/debian-lts-announce/2024/04/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMSSWBHINIX4WE6UDXWM66L7JYEK6XS6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZV5YZZ5766UIG2TFLFJL6EESQNAP5X5 https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2019-10190

https://notcve.org/view.php?id=CVE-2019-10190

A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of sending a SERVFAIL packet. Caching is not affected by this particular bug but see CVE-2019-10191. Se detectó una vulnerabilidad en el componente de resolución de DNS de knot resolver hasta la versión 3.2.0 anterior a 4.1.0, que permite a los atacantes remotos omitir la comprobación DNSSEC para una respuesta de no existencia. La respuesta NXDOMAIN se pasaría hacia el cliente incluso si fallara la comprobación DNSSEC, en lugar de enviar un paquete SERVFAIL. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10190 https://lists.debian.org/debian-lts-announce/2024/04/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMSSWBHINIX4WE6UDXWM66L7JYEK6XS6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZV5YZZ5766UIG2TFLFJL6EESQNAP5X5 https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2019-1010057

https://notcve.org/view.php?id=CVE-2019-1010057

nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffile_inline.c:83, minilzo.c (redistributed). The attack vector is: nfdump must read and process a specially crafted file. The fixed version is: after commit 9f0fe9563366f62a71d34c92229da3432ec5cf0e. nfdump versiones 1.6.16 y anteriores están afectados por: Desbordamiento de búfer. • https://github.com/phaag/nfdump/issues/104 https://lists.debian.org/debian-lts-announce/2020/09/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULSZMKA7P7REJMANVL7D6WMZ2L7IRSET https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTONOGJU5FSMFNRCT6OHXYUMDRKH4RPA https://security.gentoo.org/glsa/202003-17 • CWE-787: Out-of-bounds Write •

CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 1

CVE-2019-13115 – libssh2 1.8.2 Out-Of-Bounds Read

https://notcve.org/view.php?id=CVE-2019-13115

In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855. En libssh2 anterior a la versión 1.9.0, el archivo kex_method_diffie_hellman_group_exchange_sha256_key_exchange en kex.c presenta un desbordamiento de enteros que podría conllevar a una escritura fuera de límites en la manera en que se leen los paquetes desde el servidor. Un atacante remoto que comprometa un servidor SSH puede ejecutar código en el sistema cliente cuando un usuario se conecta al servidor. • http://packetstormsecurity.com/files/172834/libssh2-1.8.2-Out-Of-Bounds-Read.html https://blog.semmle.com/libssh2-integer-overflow https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa https://github.com/libssh2/libssh2/pull/350 https://libssh2.org/changes.html https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E http • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •