CVE-2022-41973 – device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack
https://notcve.org/view.php?id=CVE-2022-41973
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
References:
http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-Bypass-Symlink-Attack.html
http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html
http://seclists.org/fulldisclosure/2022/Dec/4
http://seclists.org/fulldisclosure/2022/Oct/25
http://www.openwall.com/lists/oss-security/2022/10/24/2
http://www.openwall.com/lists/oss-security/2022/11/30/2
https://bugzilla.suse.com/show_bug.cgi?id=1202739
https://github.com/open
CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2022-44020 – VirtualBMC: removes password protection from the managed libvirt XML domain
https://notcve.org/view.php?id=CVE-2022-44020
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."
References:
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GAD7QJIUWPCKJIGYP7PPHH5DILOEONFE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEQVJF3OQGSDCSQTQQSC54JEGLMSNB4Q
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QMSUGS4B6EBRHBJMTRXL5RIKJTZTEMJC
https://review.opendev.org/c/openstack/sushy-tools/+/862625
https://review.opendev.org/c/openstack/virtualbmc/+/862620
https://storyboard.openstack.org/#%21
CWE-281: Improper Preservation of Permissions
CWE-305: Authentication Bypass by Primary Weakness
CVE-2022-42916 – curl: HSTS bypass via IDN
https://notcve.org/view.php?id=CVE-2022-42916
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.
References:
http://seclists.org/fulldisclosure/2023/Jan/19
http://seclists.org/fulldisclosure/2023/Jan/20
http://www.openwall.com/lists/oss-security/2022/12/21/1
https://curl.se/docs/CVE-2022-42916.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorap
CWE-319: Cleartext Transmission of Sensitive Information
CVE-2022-42915 – curl: HTTP proxy double-free
https://notcve.org/view.php?id=CVE-2022-42915
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.
References:
http://seclists.org/fulldisclosure/2023/Jan/19
http://seclists.org/fulldisclosure/2023/Jan/20
https://curl.se/docs/CVE-2022-42915.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK
https://security.gentoo.
CWE-415: Double Free
CVE-2022-41974 – device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket
https://notcve.org/view.php?id=CVE-2022-41974
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.
References:
http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-Bypass-Symlink-Attack.html
http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html
http://seclists.org/fulldisclosure/2022/Dec/4
http://seclists.org/fulldisclosure/2022/Oct/25
http://www.openwall.com/lists/oss-security/2022/10/24/2
http://www.openwall.com/lists/oss-security/2022/11/30/2
https://bugzilla.suse.com/show_bug.cgi?id=1202739
https://github.com/open
CWE-269: Improper Privilege Management
CWE-285: Improper Authorization