CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3899
https://notcve.org/view.php?id=CVE-2021-3899
There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root. Existe una condición de ejecución en la detección de 'ejecutable reemplazado' que, con la configuración local correcta, permite a un atacante ejecutar código arbitrario como root. • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376 https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2021-3899 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: -EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1242
https://notcve.org/view.php?id=CVE-2022-1242
Apport can be tricked into connecting to arbitrary sockets as the root user Se puede engañar a Apport para que se conecte a sockets arbitrarios como usuario root • https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-1242 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27352
https://notcve.org/view.php?id=CVE-2020-27352
When generating the systemd service units for the docker snap (and other similar snaps), snapd does not specify Delegate=yes - as a result systemd will move processes from the containers created and managed by these snaps into the cgroup of the main daemon within the snap itself when reloading system units. This may grant additional privileges to a container within the snap that were not originally intended. Al generar las unidades de servicio systemd para el complemento de Docker (y otros complementos similares), snapd no especifica Delegate=yes; como resultado, systemd moverá los procesos de los contenedores creados y administrados por estos complementos al grupo c del daemon principal dentro del se rompe al recargar las unidades del sistema. Esto puede otorgar privilegios adicionales a un contenedor dentro del complemento que no estaban previstos originalmente. • https://bugs.launchpad.net/snapd/+bug/1910456 https://ubuntu.com/security/notices/USN-4728-1 https://www.cve.org/CVERecord?id=CVE-2020-27352 • CWE-269: Improper Privilege Management •