CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-28656 – Ubuntu Security Notice USN-6894-1
https://notcve.org/view.php?id=CVE-2022-28656
17 May 2022 — is_closing_session() allows users to consume RAM in the Apport process is_closing_session() permite a los usuarios consumir RAM en el proceso de Apport Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly use this iss... • https://ubuntu.com/security/notices/USN-5427-1 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-28657 – Ubuntu Security Notice USN-6894-1
https://notcve.org/view.php?id=CVE-2022-28657
17 May 2022 — Apport does not disable python crash handler before entering chroot Apport no desactiva el controlador de fallos de Python antes de ingresar a chroot Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly use this issue... • https://ubuntu.com/security/notices/USN-5427-1 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-28658 – Ubuntu Security Notice USN-6894-1
https://notcve.org/view.php?id=CVE-2022-28658
17 May 2022 — Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing El análisis de argumentos de Apport maneja mal la división de nombres de archivos en núcleos más antiguos, lo que resulta en suplantación de argumentos Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly... • https://ubuntu.com/security/notices/USN-5427-1 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-28655 – Ubuntu Security Notice USN-6894-1
https://notcve.org/view.php?id=CVE-2022-28655
17 May 2022 — is_closing_session() allows users to create arbitrary tcp dbus connections is_closing_session() permite a los usuarios crear conexiones tcp dbus arbitrarias Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly use thi... • https://ubuntu.com/security/notices/USN-5427-1 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.6EPSS: 0%CPEs: 27EXPL: 2CVE-2022-1055 – Use after Free in tc_new_tfilter allowing for privilege escalation in Linux Kernel
https://notcve.org/view.php?id=CVE-2022-1055
29 Mar 2022 — A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 se presenta un uso de memoria previamente liberada en el Kernel de Linux en la función tc_new_tfilter que podría permitir a un atacante local alcanzar una escalada de privilegios. La explotación requiere espacios de nombres de usuarios no privilegiados. Recom... • http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 7%CPEs: 50EXPL: 8CVE-2022-0492 – kernel: cgroups v1 release_agent feature may allow privilege escalation
https://notcve.org/view.php?id=CVE-2022-0492
23 Feb 2022 — A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. Se ha encontrado una vulnerabilidad en la función cgroup_release_agent_write en el archivo kernel/cgroup/cgroup-v1.c del kernel de Linux. Este fallo, bajo determinadas circunstancias, permite el uso de la función cgroups v1 rel... • https://packetstorm.news/files/id/176099 • CWE-287: Improper Authentication CWE-862: Missing Authorization •