CVE-2022-0866 – wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled
https://notcve.org/view.php?id=CVE-2022-0866
This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it's possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. • https://bugzilla.redhat.com/show_bug.cgi?id=2060929#c0 https://access.redhat.com/security/cve/CVE-2022-0866 https://bugzilla.redhat.com/show_bug.cgi?id=2060929 • CWE-863: Incorrect Authorization CWE-1220: Insufficient Granularity of Access Control •
CVE-2022-23451 – openstack-barbican: Barbican allows authenticated users to add/modify/delete arbitrary metadata on any secret
https://notcve.org/view.php?id=CVE-2022-23451
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources. Se ha encontrado un fallo de autorización en openstack-barbican. Las reglas de política por defecto para la API de metadatos secretos permitían a cualquier usuario autenticado añadir, modificar o eliminar metadatos de cualquier secreto independientemente de su propiedad. • https://access.redhat.com/security/cve/CVE-2022-23451 https://bugzilla.redhat.com/show_bug.cgi?id=2022878 https://bugzilla.redhat.com/show_bug.cgi?id=2025089 https://review.opendev.org/c/openstack/barbican/+/811236 https://storyboard.openstack.org/#%21/story/2009253 • CWE-863: Incorrect Authorization •
CVE-2021-3979 – ceph: Ceph volume does not honour osd_dmcrypt_key_size
https://notcve.org/view.php?id=CVE-2021-3979
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks. Se ha encontrado un fallo de longitud de clave en Red Hat Ceph Storage. Un atacante puede explotar el hecho de que la longitud de la clave se pasa incorrectamente en un algoritmo de cifrado para crear una clave no aleatoria, que es más débil y puede ser explotada para la pérdida de confidencialidad e integridad en los discos cifrados. • https://access.redhat.com/security/cve/CVE-2021-3979 https://bugzilla.redhat.com/show_bug.cgi?id=2024788 https://github.com/ceph/ceph/commit/47c33179f9a15ae95cc1579a421be89378602656 https://github.com/ceph/ceph/pull/44765 https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPOK44BESMIFW6BIOGCN452AKKOIIT6Q https://tracker.ceph.com/issues/54006 • CWE-287: Improper Authentication CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2021-20257 – QEMU: net: e1000: infinite loop while processing transmit descriptors
https://notcve.org/view.php?id=CVE-2021-20257
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo de bucle infinito en el emulador NIC e1000 de QEMU. • https://bugzilla.redhat.com/show_bug.cgi?id=1930087 https://github.com/qemu/qemu/commit/3de46e6fc489c52c9431a8a832ad8170a7569bd8 https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg07428.html https://security.gentoo.org/glsa/202208-27 https://security.netapp.com/advisory/ntap-20220425-0003 https://www.openwall.com/lists/oss-security/2021/02/25/2 https://access.redhat.com/security/cve/CVE-2021-20257 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2019-12067
https://notcve.org/view.php?id=CVE-2019-12067
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. La función ahci_commit_buf en el archivo ide/ahci.c en QEMU permite a atacantes causar una denegación de servicio (derivación de NULL) cuando el encabezado del comando "ad-)cur_cmd" es null • https://bugzilla.suse.com/show_bug.cgi?id=1145642 https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01487.html https://security-tracker.debian.org/tracker/CVE-2019-12067 https://security.netapp.com/advisory/ntap-20210727-0001 • CWE-476: NULL Pointer Dereference •