Page 36 of 8839 results (0.164 seconds)

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

CVE-2024-9050 – Networkmanager-libreswan: local privilege escalation via leftupdown

https://notcve.org/view.php?id=CVE-2024-9050

A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown`key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration. • https://access.redhat.com/errata/RHSA-2024:8312 https://access.redhat.com/errata/RHSA-2024:8338 https://access.redhat.com/errata/RHSA-2024:8352 https://access.redhat.com/errata/RHSA-2024:8353 https://access.redhat.com/errata/RHSA-2024:8354 https://access.redhat.com/errata/RHSA-2024:8355 https://access.redhat.com/errata/RHSA-2024:8356 https://access.redhat.com/errata/RHSA-2024:8357 https://access.redhat.com/errata/RHSA-2024:8358 https://access.redhat.com/errata/RHSA • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: -EPSS: 0%CPEs: 8EXPL: 0

CVE-2022-48962 – net: hisilicon: Fix potential use-after-free in hisi_femac_rx()

https://notcve.org/view.php?id=CVE-2022-48962

In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free. • https://git.kernel.org/stable/c/542ae60af24f02e130e62cb3b7c23163a2350056 https://git.kernel.org/stable/c/3501da8eb6d0f5f114a09ec953c54423f6f35885 https://git.kernel.org/stable/c/196e12671cb629d9f3b77b4d8bec854fc445533a https://git.kernel.org/stable/c/aceec8ab752428d8e151321479e82cc1a40fee2e https://git.kernel.org/stable/c/e71a46cc8c9ad75f3bb0e4b361e81f79c0214cca https://git.kernel.org/stable/c/296a50aa8b2982117520713edc1375777a9f8506 https://git.kernel.org/stable/c/6f4798ac9c9e98f41553c4f5e6c832c8860a6942 https://git.kernel.org/stable/c/8595a2db8eb0ffcbb466eb9f4a •

CVSS: -EPSS: 0%CPEs: 7EXPL: 0

CVE-2024-49863 – vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()

https://notcve.org/view.php?id=CVE-2024-49863

In the Linux kernel, the following vulnerability has been resolved: vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() Since commit 3f8ca2e115e5 ("vhost/scsi: Extract common handling code from control queue handler") a null pointer dereference bug can be triggered when guest sends an SCSI AN request. In vhost_scsi_ctl_handle_vq(), `vc.target` is assigned with `&v_req.tmf.lun[1]` within a switch-case block and is then passed to vhost_scsi_get_req() which extracts `vc->req` and `tpg`. However, for a `VIRTIO_SCSI_T_AN_*` request, tpg is not required, so `vc.target` is set to NULL in this branch. Later, in vhost_scsi_get_req(), `vc->target` is dereferenced without being checked, leading to a null pointer dereference bug. This bug can be triggered from guest. When this bug occurs, the vhost_worker process is killed while holding `vq->mutex` and the corresponding tpg will remain occupied indefinitely. Below is the KASAN report: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 PID: 840 Comm: poc Not tainted 6.10.0+ #1 Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:vhost_scsi_get_req+0x165/0x3a0 Code: 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 2b 02 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8b 65 30 4c 89 e2 48 c1 ea 03 <0f> b6 04 02 4c 89 e2 83 e2 07 38 d0 7f 08 84 c0 0f 85 be 01 00 00 RSP: 0018:ffff888017affb50 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff88801b000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888017affcb8 RBP: ffff888017affb80 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: ffff888017affc88 R14: ffff888017affd1c R15: ffff888017993000 FS: 000055556e076500(0000) GS:ffff88806b100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000200027c0 CR3: 0000000010ed0004 CR4: 0000000000370ef0 Call Trace: <TASK> ? show_regs+0x86/0xa0 ? • https://git.kernel.org/stable/c/3f8ca2e115e55af4c15d97dda635e948d2e380be https://git.kernel.org/stable/c/6592347f06e2b19a624270a85ad4b3ae48c3b241 https://git.kernel.org/stable/c/46128370a72c431df733af5ebb065c4d48c9ad39 https://git.kernel.org/stable/c/ace9c778a214da9c98d7b69d904d1b0816f4f681 https://git.kernel.org/stable/c/25613e6d9841a1f9fb985be90df921fa99f800de https://git.kernel.org/stable/c/00fb5b23e1c9cdbe496f5cd6b40367cb895f6c93 https://git.kernel.org/stable/c/61517f33e76d2c5247c1e61e668693afe5b67e6f https://git.kernel.org/stable/c/221af82f606d928ccef19a16d3 •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

CVE-2024-41714

https://notcve.org/view.php?id=CVE-2024-41714

A vulnerability in the Web Interface component of Mitel MiCollab through 9.8 SP1 (9.8.1.5) and MiVoice Business Solution Virtual Instance (MiVB SVI) through 1.0.0.27 could allow an authenticated attacker to conduct a command injection attack, due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges within the context of the system. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0021 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.6EPSS: 0%CPEs: -EXPL: 1

CVE-2024-35315

https://notcve.org/view.php?id=CVE-2024-35315

A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privilege escalation attack due to improper file validation. A successful exploit could allow an attacker to run arbitrary code with elevated privileges. • https://github.com/ewilded/CVE-2024-35315-POC https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0016 • CWE-94: Improper Control of Generation of Code ('Code Injection') •