CVE-2024-1048 – Grub2: grub2-set-bootflag can be abused by local (pseudo-)users
https://notcve.org/view.php?id=CVE-2024-1048
A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks. Se encontró una falla en la utilidad grub2-set-bootflag de grub2. Después de la corrección de CVE-2019-14865, grub2-set-bootflag creará un archivo temporal con el nuevo contenido de grubenv y le cambiará el nombre al archivo grubenv original. • http://www.openwall.com/lists/oss-security/2024/02/06/3 https://access.redhat.com/errata/RHSA-2024:2456 https://access.redhat.com/errata/RHSA-2024:3184 https://access.redhat.com/security/cve/CVE-2024-1048 https://bugzilla.redhat.com/show_bug.cgi?id=2256827 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRZQCVZ3XOASVFT6XLO7F2ZXOLOHIJZQ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YSJAEGRR3XHMBBBKYOVMII4P34IXEYPE https: • CWE-459: Incomplete Cleanup •
CVE-2024-0690 – Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration
https://notcve.org/view.php?id=CVE-2024-0690
An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values. Se encontró una falla de divulgación de información en ansible-core debido a que no se respetó la configuración de ANSIBLE_NO_LOG en algunos escenarios. Se descubrió que la información todavía se incluye en la salida de determinadas tareas, como los elementos del bucle. • https://access.redhat.com/errata/RHSA-2024:0733 https://access.redhat.com/errata/RHSA-2024:2246 https://access.redhat.com/errata/RHSA-2024:3043 https://access.redhat.com/security/cve/CVE-2024-0690 https://bugzilla.redhat.com/show_bug.cgi?id=2259013 https://github.com/ansible/ansible/pull/82565 • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •
CVE-2023-4503 – Eap-galleon: custom provisioning creates unsecured http-invoker
https://notcve.org/view.php?id=CVE-2023-4503
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server. Se encontró una vulnerabilidad de inicialización incorrecta en Galleon. Cuando se utiliza Galleon para aprovisionar servidores EAP o EAP-XP personalizados, los servidores se crean sin seguridad. • https://access.redhat.com/errata/RHSA-2023:7637 https://access.redhat.com/errata/RHSA-2023:7638 https://access.redhat.com/errata/RHSA-2023:7639 https://access.redhat.com/errata/RHSA-2023:7641 https://access.redhat.com/security/cve/CVE-2023-4503 https://bugzilla.redhat.com/show_bug.cgi?id=2184751 • CWE-665: Improper Initialization •
CVE-2023-50782 – Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659
https://notcve.org/view.php?id=CVE-2023-50782
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. Se encontró una falla en el paquete python-cryptography. Este problema puede permitir que un atacante remoto descifre mensajes capturados en servidores TLS que utilizan intercambios de claves RSA, lo que puede provocar la exposición de datos confidenciales o sensibles. • https://access.redhat.com/security/cve/CVE-2023-50782 https://bugzilla.redhat.com/show_bug.cgi?id=2254432 • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •
CVE-2023-50781 – M2crypto: bleichenbacher timing attacks in the rsa decryption api - incomplete fix for cve-2020-25657
https://notcve.org/view.php?id=CVE-2023-50781
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. Se encontró una falla en m2crypto. Este problema puede permitir que un atacante remoto descifre mensajes capturados en servidores TLS que utilizan intercambios de claves RSA, lo que puede provocar la exposición de datos confidenciales o sensibles. • https://access.redhat.com/security/cve/CVE-2023-50781 https://bugzilla.redhat.com/show_bug.cgi?id=2254426 • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •