CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 1CVE-2016-3699 – kernel: ACPI table override allowed when securelevel is enabled
https://notcve.org/view.php?id=CVE-2016-3699
The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. El kernel de Linux, tal como se utiliza en Red Hat Enterprise Linux 7.2 y Red Hat Enterprise MRG 2 y cuando se arranca con UEFI Secure Boot habilitado, permite a usuarios locales eludir las restricciones destinadas a Secure Boot y ejecutar código no confiable añadiendo tablas ACPI para el initrd. • http://rhn.redhat.com/errata/RHSA-2016-2574.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http://www.openwall.com/lists/oss-security/2016/09/22/4 http://www.securityfocus.com/bid/93114 https://bugzilla.redhat.com/show_bug.cgi?id=1329653 https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76 https://access.redhat.com/security/cve/CVE-2016-3699 • CWE-264: Permissions, Privileges, and Access Controls CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2016-4470 – kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
https://notcve.org/view.php?id=CVE-2016-4470
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. La función key_reject_and_link en security/keys/key.c en el kernel de Linux hasta la versión 4.6.3 no asegura que cierta estructura de datos esté inicializada, lo que permite a usuarios locales provocar una denegación de servicio (caída del sistema) a través de vectores involucrando un comando keyctl request2 manipulado. A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html http://lists.opensuse.org • CWE-253: Incorrect Check of Function Return Value •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2015-1350
https://notcve.org/view.php?id=CVE-2015-1350
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. El subsistema VFS en el kernel de Linux 3.x provee un conjunto incompleto de requerimientos para operaciones setattr que subespecifica eliminando atributos de extensión de privilegios, lo que permite a usuarios locales provocar una denegación de servicio (desprovisión de capacidad) a través de una invocación fallida of a system call, según lo demostrado usando chown para eliminar una capacidad una capacidad de ping o del programa dumpcap de Wireshark. • http://marc.info/?l=linux-kernel&m=142153722930533&w=2 http://www.openwall.com/lists/oss-security/2015/01/24/5 http://www.securityfocus.com/bid/76075 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492 https://bugzilla.redhat.com/show_bug.cgi?id=1185139 • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2015-7837 – kernel: securelevel disabled after kexec
https://notcve.org/view.php?id=CVE-2015-7837
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot. El kernel de Linux, tal y como se emplea en Red Hat Enterprise Linux 7, kernel-rt y Enterprise MRG 2 y cuando se emplea con UEFI Secure Boot habilitado, permite que usuarios locales omitan las restricciones securelevel/secureboot previstas aprovechando la gestión incorrecta de la marca secure_boot cuando se reinicia kexec. A flaw was found in the way the Linux kernel handled the securelevel functionality after performing a kexec operation. A local attacker could use this flaw to bypass the security mechanism of the securelevel/secureboot combination. • http://rhn.redhat.com/errata/RHSA-2015-2152.html http://rhn.redhat.com/errata/RHSA-2015-2411.html http://www.openwall.com/lists/oss-security/2015/10/15/6 http://www.securityfocus.com/bid/77097 https://bugzilla.redhat.com/show_bug.cgi?id=1272472 https://github.com/mjg59/linux/commit/4b2b64d5a6ebc84214755ebccd599baef7c1b798 https://access.redhat.com/security/cve/CVE-2015-7837 • CWE-254: 7PK - Security Features CWE-456: Missing Initialization of a Variable •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2012-6685 – rubygem-nokogiri: XML eXternal Entity (XXE) flaw
https://notcve.org/view.php?id=CVE-2012-6685
Nokogiri before 1.5.4 is vulnerable to XXE attacks Nokogiri versiones anteriores a 1.5.4, es vulnerable a ataques de tipo XXE. • https://bugzilla.redhat.com/show_bug.cgi?id=1178970 https://github.com/sparklemotion/nokogiri/issues/693 https://nokogiri.org/CHANGELOG.html#154-2012-06-12 https://access.redhat.com/security/cve/CVE-2012-6685 • CWE-611: Improper Restriction of XML External Entity Reference CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •