Page 41 of 1071 results (0.009 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-27851 – Local privilege escalation in GNU Guix via guix-daemon and '--keep-failed'

https://notcve.org/view.php?id=CVE-2021-27851

A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. • https://bugs.gnu.org/47229 https://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daemon • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2

CVE-2021-30184

https://notcve.org/view.php?id=CVE-2021-30184

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc. GNU Chess versión 6.2.7, permite a atacantes ejecutar código arbitrario por medio de datos PGN (Portable Game Notation) diseñados. Esto está relacionado con un desbordamiento de búfer en el uso de un archivo temporal .tmp.epd en las funciones cmd_pgnload y cmd_pgnreplay en el archivo frontend/cmd.cc • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QC74RWMDLSQGV6Z3ZABNTPABB33S4YNF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOGPLC77ZL2FACSOE5MWDS3YH3RBNQAQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXOTMUSBVUZNA3JMPG6BU37DQW2YOJWS https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html https://security • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0

CVE-2021-20197 – binutils: Race window allows users to own arbitrary files

https://notcve.org/view.php?id=CVE-2021-20197

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. Se presenta una ventana de carrera abierta cuando se escribe la salida en las siguientes utilidades en GNU binutils versiones 2.35 y anteriores: ar, objcopy, strip, ranlib. Cuando estas utilidades son ejecutadas como un usuario privilegiado (presumiblemente como parte de un script que actualiza binarios entre diferentes usuarios), un usuario sin privilegios puede engañar a estas utilidades para que obtengan la propiedad de archivos arbitrario por medio de un enlace simbólico. There is an open race window when writing output in the following utilities in GNU binutils1: ar, objcopy, strip, and ranlib. • https://bugzilla.redhat.com/show_bug.cgi?id=1913743 https://security.gentoo.org/glsa/202208-30 https://security.netapp.com/advisory/ntap-20210528-0009 https://sourceware.org/bugzilla/show_bug.cgi?id=26945 https://access.redhat.com/security/cve/CVE-2021-20197 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2021-20193

https://notcve.org/view.php?id=CVE-2021-20193

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability. Se detectó un fallo en el archivo src/list.c de tar versiones 1.33 y anteriores. Este fallo permite a un atacante que puede enviar un archivo de entrada diseñado a tar causar un consumo no controlado de memoria. • https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777 https://savannah.gnu.org/bugs/?59897 https://security.gentoo.org/glsa/202105-29 • CWE-125: Out-of-bounds Read CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2

CVE-2021-20284 – binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c

https://notcve.org/view.php?id=CVE-2021-20284

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. Se detectó un fallo en GNU Binutils versión 2.35.1, donde se presenta un desbordamiento de búfer en la región heap de la memoria en la función _bfd_elf_slurp_secondary_reloc_section en el archivo elf.c debido a que el número de símbolos no se calculó correctamente. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema. • https://bugzilla.redhat.com/show_bug.cgi?id=1937784 https://security.gentoo.org/glsa/202208-30 https://security.netapp.com/advisory/ntap-20210521-0010 https://sourceware.org/bugzilla/show_bug.cgi?id=26931 https://access.redhat.com/security/cve/CVE-2021-20284 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •