CVE-2023-7216 – Cpio: extraction allows symlinks which enables remote command execution
https://notcve.org/view.php?id=CVE-2023-7216
A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which allows files to be written in arbitrary directories through symlinks. Se encontró una vulnerabilidad de path traversal en la utilidad CPIO. Este problema podría permitir que un atacante remoto no autenticado engañe a un usuario para que abra un archivo especialmente manipulado. • https://access.redhat.com/security/cve/CVE-2023-7216 https://bugzilla.redhat.com/show_bug.cgi?id=2249901 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2023-6240 – Kernel: marvin vulnerability side-channel leakage in the rsa decryption operation
https://notcve.org/view.php?id=CVE-2023-6240
A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key. Se encontró una fuga de canal lateral de vulnerabilidad de Marvin en la operación de descifrado RSA en el kernel de Linux. Este problema puede permitir que un atacante de red descifre textos cifrados o falsifique firmas, limitando los servicios que utilizan esa clave privada. • https://access.redhat.com/errata/RHSA-2024:1881 https://access.redhat.com/errata/RHSA-2024:1882 https://access.redhat.com/errata/RHSA-2024:2758 https://access.redhat.com/errata/RHSA-2024:3414 https://access.redhat.com/errata/RHSA-2024:3421 https://access.redhat.com/errata/RHSA-2024:3618 https://access.redhat.com/errata/RHSA-2024:3627 https://access.redhat.com/security/cve/CVE-2023-6240 https://bugzilla.redhat.com/show_bug.cgi?id=2250843 https://people.redhat.com/ • CWE-203: Observable Discrepancy •
CVE-2023-5992 – Opensc: side-channel leaks while stripping encryption pkcs#1 padding
https://notcve.org/view.php?id=CVE-2023-5992
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. Se encontró una vulnerabilidad en OpenSC donde la eliminación del relleno de cifrado PKCS#1 no se implementa como resistente al canal lateral. Este problema puede resultar en una posible filtración de datos privados. • https://access.redhat.com/errata/RHSA-2024:0966 https://access.redhat.com/errata/RHSA-2024:0967 https://access.redhat.com/security/cve/CVE-2023-5992 https://bugzilla.redhat.com/show_bug.cgi?id=2248685 https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI https://l • CWE-203: Observable Discrepancy •
CVE-2024-1086 – Linux Kernel Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2024-1086
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. Una vulnerabilidad de use after free en el componente netfilter: nf_tables del kernel de Linux puede explotarse para lograr una escalada de privilegios local. La función nft_verdict_init() permite valores positivos como error de eliminación dentro del veredicto del gancho y, por lo tanto, la función nf_hook_slow() puede causar una vulnerabilidad double free cuando NF_DROP se emite con un error de eliminación similar a NF_ACCEPT. Recomendamos actualizar después del compromiso f342de4e2f33e0e39165d8639387aa6c19dff660. A flaw was found in the Netfilter subsystem in the Linux kernel. • https://github.com/Notselwyn/CVE-2024-1086 https://github.com/feely666/CVE-2024-1086 https://github.com/CCIEVoice2009/CVE-2024-1086 https://github.com/pl0xe/CVE-2024-1086 https://github.com/xzx482/CVE-2024-1086 https://github.com/kevcooper/CVE-2024-1086-checker https://github.com/matrixvk/CVE-2024-1086-aarch64 http://www.openwall.com/lists/oss-security/2024/04/10/22 http://www.openwall.com/lists/oss-security/2024/04/10/23 http://www.openwall.com/lists/oss& • CWE-416: Use After Free •
CVE-2024-0914 – Opencryptoki: timing side-channel in handling of rsa pkcs#1 v1.5 padded ciphertexts (marvin)
https://notcve.org/view.php?id=CVE-2024-0914
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. Se descubrió una vulnerabilidad de canal lateral de temporización en el paquete opencryptoki mientras se procesan textos cifrados acolchados RSA PKCS#1 v1.5. Este fallo podría potencialmente permitir el descifrado o la firma de texto cifrado RSA no autorizado, incluso sin acceso a la clave privada correspondiente. • https://access.redhat.com/errata/RHSA-2024:1239 https://access.redhat.com/errata/RHSA-2024:1411 https://access.redhat.com/errata/RHSA-2024:1608 https://access.redhat.com/errata/RHSA-2024:1856 https://access.redhat.com/errata/RHSA-2024:1992 https://access.redhat.com/security/cve/CVE-2024-0914 https://bugzilla.redhat.com/show_bug.cgi?id=2260407 https://people.redhat.com/~hkario/marvin • CWE-203: Observable Discrepancy •