CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-27650 – crun: Default inheritable capabilities for linux container should be empty
https://notcve.org/view.php?id=CVE-2022-27650
04 Apr 2022 — A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. Se encontró un fallo en crun donde los contenedores eran iniciados incorrectamente con permisos por de... • https://bugzilla.redhat.com/show_bug.cgi?id=2066845 • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2022-27649 – podman: Default inheritable capabilities for linux container should be empty
https://notcve.org/view.php?id=CVE-2022-27649
04 Apr 2022 — A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. Se ha encontrado un fallo en Podman, donde los contenedores eran iniciados incorrectamente con per... • https://bugzilla.redhat.com/show_bug.cgi?id=2066568 • CWE-276: Incorrect Default Permissions •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20238
https://notcve.org/view.php?id=CVE-2021-20238
01 Apr 2022 — It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623) provides ignition configuration used for bootstrapping Nodes and can include some sensitive data, e.g. registry pull secrets. There are two scenarios where this data can be accessed. The first is on Baremetal, OpenStack, Ovirt, Vsphere and KubeVirt deployments which do not have a separate internal API endpoint... • https://bugzilla.redhat.com/show_bug.cgi?id=1926568 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2022-0718 – python-oslo-utils: incorrect password masking in debug output
https://notcve.org/view.php?id=CVE-2022-0718
24 Mar 2022 — A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext. Se ha encontrado un fallo en python-oslo-utils. Debido a un análisis inapropiado, las contraseñas con comillas dobles ( " ) causan un enmascaramiento incorrecto en los registros de depuración, causando que cualquier parte de la contraseña después de las comillas dobles sea texto plano It was... • https://access.redhat.com/security/cve/CVE-2022-0718 • CWE-522: Insufficiently Protected Credentials CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 14%CPEs: 8EXPL: 0CVE-2022-0711 – haproxy: Denial of service via set-cookie2 header
https://notcve.org/view.php?id=CVE-2022-0711
02 Mar 2022 — A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. Se ha encontrado un fallo en la forma en que HAProxy procesa las respuestas HTTP que contienen el encabezado "Set-Cookie2". Este fallo podría permitir a un atacante enviar paquetes de respuesta H... • https://access.redhat.com/security/cve/cve-2022-0711 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0532 – cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe sysctls to be applied to the host
https://notcve.org/view.php?id=CVE-2022-0532
09 Feb 2022 — An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace. Se ha encontrado una vulnerabilidad de comprobación incorrecta de sysctls en CRI-O versiones 1.18 y anteriores. Las sysctls de la lista de sysctls "safe" especificadas para el cluster serán aplicadas al host si un atacante es capaz de crear un... • https://bugzilla.redhat.com/show_bug.cgi?id=2051730 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 73%CPEs: 72EXPL: 1CVE-2021-4104 – Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
https://notcve.org/view.php?id=CVE-2021-4104
14 Dec 2021 — JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in Au... • https://github.com/cckuailong/log4shell_1.x • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 7.0EPSS: 0%CPEs: 68EXPL: 1CVE-2021-3609 – kernel: race condition in net/can/bcm.c leads to local privilege escalation
https://notcve.org/view.php?id=CVE-2021-3609
23 Jun 2021 — .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. Se ha encontrado un fallo en el protocolo de red CAN BCM en el kernel de Linux, donde un atacante local puede abusar de un fallo en el subsistema CAN para corromper la memoria, bloquear el sistema o escalar privil... • https://bugzilla.redhat.com/show_bug.cgi?id=1971651 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 7%CPEs: 9EXPL: 36CVE-2021-3560 – Red Hat Polkit Incorrect Authorization Vulnerability
https://notcve.org/view.php?id=CVE-2021-3560
03 Jun 2021 — It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha detectado que polkit podía ser engañado para omitir las comprobaciones de credenciales para las peticiones de D-Bus, eleva... • https://packetstorm.news/files/id/172836 • CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-863: Incorrect Authorization •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3529
https://notcve.org/view.php?id=CVE-2021-3529
02 Jun 2021 — A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity. Se ha encontrado un fallo en noobaa-core en versiones anteriores a 5.7.... • https://bugzilla.redhat.com/show_bug.cgi?id=1950479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •