
CVSS: 8.2 • EPSS: 0% • CPEs: 5 • EXPL: 1

29 Apr 2022 — A flaw was found in the QXL display device emulation in QEMU. A double fetch of the guest-controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. • https://bugzilla.redhat.com/show_bug.cgi?id=2036966 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 7.1 • EPSS: 0% • CPEs: 29 • EXPL: 0

29 Apr 2022 — A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. • https://bugzilla.redhat.com/show_bug.cgi?id=2066819 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer

CVSS: 8.8 • EPSS: 32% • CPEs: 20 • EXPL: 3

29 Apr 2022 — A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. • https://github.com/iridium-soda/CVE-2022-1227_Exploit • CWE-269: Improper Privilege Management • CWE-281: Improper Preservation of Permissions

CVSS: 6.5 • EPSS: 0% • CPEs: 4 • EXPL: 3

27 Apr 2022 — There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized local users on the machine to view the password in the process command line, e.g. via htop or ps. The specific impact varies with the privileges of the Red Hat account in question, but it could affect the integrity, availability, and/or data confidentiality of other systems that are administered by that account. This occurs regardless of how the pas... • https://access.redhat.com/security/cve/CVE-2022-0852 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor • CWE-668: Exposure of Resource to Wrong Sphere

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

22 Apr 2022 — A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq to potentially cause a denial of service. An update that fixes one vulnerability is now available. This upd... • https://access.redhat.com/security/cve/CVE-2022-0934 • CWE-416: Use After Free

CVSS: 5.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

18 Apr 2022 — A heap double free issue was found in OpenSC before version 0.22.0 in sc_pkcs15_free_tokeninfo. Multiple vulnerabilities have been discovered in OpenSC, the worst of which could result in the execution of arbitrary code. Versions less than 0.22.0 are affected. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185 • CWE-415: Double Free • CWE-672: Operation on a Resource after Expiration or Release

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

14 Apr 2022 — An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. • https://bugzilla.redhat.com/show_bug.cgi?id=2069726 • CWE-125: Out-of-bounds Read • CWE-787: Out-of-bounds Write

CVSS: 7.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

13 Apr 2022 — A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows an attacker with local user privileges to cause a denial of service (DoS) or a kernel information leak. • https://bugzilla.redhat.com/show_bug.cgi?id=2071022 • CWE-416: Use After Free

CVSS: 5.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

12 Apr 2022 — A heap use after free issue was found in OpenSC before version 0.22.0 in sc_file_valid. An update that solves four vulnerabilities and has one errata is now available. This update for opensc fixes the following issues. Stack buffer overflow issues in various places. Fixed multiple heap buffer overflows in pkcs15-oberthur.c. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843 • CWE-416: Use After Free

CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 2

12 Apr 2022 — A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. • http://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016 • CWE-824: Access of Uninitialized Pointer • CWE-909: Missing Initialization of Resource