CVE-2023-3899 – Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration
https://notcve.org/view.php?id=CVE-2023-3899
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root. • https://access.redhat.com/errata/RHSA-2023:4701 https://access.redhat.com/errata/RHSA-2023:4702 https://access.redhat.com/errata/RHSA-2023:4703 https://access.redhat.com/errata/RHSA-2023:4704 https://access.redhat.com/errata/RHSA-2023:4705 https://access.redhat.com/errata/RHSA-2023:4706 https://access.redhat.com/errata/RHSA-2023:4707 https://access.redhat.com/errata/RHSA-2023:4708 https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVE-2023-38200 – Keylime: registrar is subject to a dos against ssl connections
https://notcve.org/view.php?id=CVE-2023-38200
A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections. Se encontró una falla en Keylime. Debido a su naturaleza de bloqueo, el registrador de Keylime está sujeto a una denegación de servicio remota contra sus conexiones SSL. • https://access.redhat.com/errata/RHSA-2023:5080 https://access.redhat.com/security/cve/CVE-2023-38200 https://bugzilla.redhat.com/show_bug.cgi?id=2222692 https://github.com/keylime/keylime/pull/1421 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIZZB5NHNCS5D2AEH3ZAO6OQC72IK7WS • CWE-400: Uncontrolled Resource Consumption CWE-834: Excessive Iteration •
CVE-2022-1274 – keycloak: HTML injection in execute-actions-email Admin REST API
https://notcve.org/view.php?id=CVE-2022-1274
A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users. • https://bugzilla.redhat.com/show_bug.cgi?id=2073157 https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725 https://herolab.usd.de/security-advisories/usd-2021-0033 https://access.redhat.com/security/cve/CVE-2022-1274 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2023-0494 – X.Org Server DeepCopyPointerClasses Use-After-Free Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-0494
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DeepCopyPointerClasses function. • https://bugzilla.redhat.com/show_bug.cgi?id=2165995 https://gitlab.freedesktop.org/xorg/xserver/-/commit/0ba6d8c37071131a49790243cdac55392ecf71ec https://lists.x.org/archives/xorg-announce/2023-February/003320.html https://security.gentoo.org/glsa/202305-30 https://access.redhat.com/security/cve/CVE-2023-0494 • CWE-416: Use After Free •
CVE-2023-0179 – kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan
https://notcve.org/view.php?id=CVE-2023-0179
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. • https://github.com/TurtleARM/CVE-2023-0179-PoC https://github.com/H4K6/CVE-2023-0179-PoC http://packetstormsecurity.com/files/171601/Kernel-Live-Patch-Security-Notice-LNS-0093-1.html https://bugzilla.redhat.com/show_bug.cgi?id=2161713 https://seclists.org/oss-sec/2023/q1/20 https://security.netapp.com/advisory/ntap-20230511-0003 https://access.redhat.com/security/cve/CVE-2023-0179 • CWE-190: Integer Overflow or Wraparound •