CVSS: 10.0EPSS: 97%CPEs: 6EXPL: 4CVE-2022-0543 – Debian-specific Redis Server Lua Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2022-0543
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. Se ha detectado que redis, una base de datos persistente de valores clave, debido a un problema de empaquetado, es propenso a un escape del sandbox de Lua (específico de Debian), que podría resultar en una ejecución de código remota Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. • https://github.com/0x7eTeam/CVE-2022-0543 https://github.com/z92g/CVE-2022-0543 https://github.com/JacobEbben/CVE-2022-0543 http://packetstormsecurity.com/files/166885/Redis-Lua-Sandbox-Escape.html https://bugs.debian.org/1005787 https://lists.debian.org/debian-security-announce/2022/msg00048.html https://security.netapp.com/advisory/ntap-20220331-0004 https://www.debian.org/security/2022/dsa-5081 https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce • CWE-862: Missing Authorization •
CVSS: 8.2EPSS: 0%CPEs: 6EXPL: 2CVE-2021-4120 – snapd could be made to bypass intended access restrictions through snap content interfaces and layout paths
https://notcve.org/view.php?id=CVE-2021-4120
snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 snapd versión 2.54.2, no lleva a cabo una comprobación suficiente de la interfaz de contenido de snap y de las rutas de diseño, resultando en una posibilidad de que los snaps inyecten reglas de política de AppArmor arbitrarias por medio de declaraciones de interfaz de contenido y de diseño mal formadas y, por tanto, escapen al confinamiento estricto de snap. Corregido en snapd versiones 2.54.3+18.04, 2.54.3+20.04 y 2.54.3+21.10.1 • http://www.openwall.com/lists/oss-security/2022/02/18/2 https://bugs.launchpad.net/snapd/+bug/1949368 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7 https://ubuntu.com/security/notices/USN-5292-1 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-44730 – snapd could be made to escalate privileges and run programs as administrator
https://notcve.org/view.php?id=CVE-2021-44730
snapd 2.54.2 did not properly validate the location of the snap-confine binary. A local attacker who can hardlink this binary to another location to cause snap-confine to execute other arbitrary binaries and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 snapd versión 2.54.2, no comprueba apropiadamente la ubicación del binario snap-confine. Un atacante local que pueda enlazar este binario a otra ubicación puede causar que snap-confine ejecute otros binarios arbitrarios y, por lo tanto, alcanzar una escalada de privilegios. Corregido en snapd versiones 2.54.3+18.04, 2.54.3+20.04 y 2.54.3+21.10.1 • http://www.openwall.com/lists/oss-security/2022/02/18/2 http://www.openwall.com/lists/oss-security/2022/02/23/1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QTBN7LLZISXIA4KU4UKDR27Q5PXDS2U https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGHG6LJAVJJ72TMART6A7N4Z6MSTGI7 https://ubuntu.com/security/notices/USN-5292-1 https://www.debian.org/security/2022/dsa-5080 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3155 – snapd created ~/snap with too-wide permissions
https://notcve.org/view.php?id=CVE-2021-3155
snapd 2.54.2 and earlier created ~/snap directories in user home directories without specifying owner-only permissions. This could allow a local attacker to read information that should have been private. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 snapd versiones 2.54.2 y anteriores, creaban directorios ~/snap en los directorios personales de usuarios sin especificar los permisos de sólo propietario. Esto podía permitir a un atacante local leer información que debería ser privada. Corregido en snapd versiones 2.54.3+18.04, 2.54.3+20.04 y 2.54.3+21.10.1 • https://github.com/snapcore/snapd/commit/6bcaeeccd16ed8298a301dd92f6907f88c24cc85 https://github.com/snapcore/snapd/commit/7d2a966620002149891446a53cf114804808dcca https://ubuntu.com/security/notices/USN-5292-1 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 5CVE-2021-44731 – snapd could be made to escalate privileges and run programs as administrator
https://notcve.org/view.php?id=CVE-2021-44731
A race condition existed in the snapd 2.54.2 snap-confine binary when preparing a private mount namespace for a snap. This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence gain privilege escalation. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 Se presentaba una condición de carrera en snapd versión 2.54.2 en el binario snap-confine cuando era preparado un espacio de nombres de montaje privado para un snap. Esto podía permitir a un atacante local alcanzar privilegios de root al montar su propio contenido dentro del espacio de nombres de montaje privado del snap y causar que snap-confine ejecutara código arbitrario y por lo tanto obtuviera una escalada de privilegios. Corregido en snapd versiones 2.54.3+18.04, 2.54.3+20.04 y 2.54.3+21.10.1 • https://github.com/deeexcee-io/CVE-2021-44731-snap-confine-SUID http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html http://seclists.org/fulldisclosure/2022/Dec/4 http://www.openwall.com/lists/oss-security/2022/02/18/2 http://www.openwall.com/lists/oss-security/2022/02/23/1 http://www.openwall.com/lists/oss-security/2022/02/23/2 http://www.openwall.com/lists/oss-security/2022/11/30/2 https://lists.fedoraproje • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •