Page 87 of 3715 results (0.020 seconds)

CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2022-27651 – buildah: Default inheritable capabilities for linux container should be empty

https://notcve.org/view.php?id=CVE-2022-27651

A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity. Se ha encontrado un fallo en buildah por el que los contenedores eran iniciados incorrectamente con permisos por defecto no vacíos. Se ha encontrado un bug en Moby (Docker Engine) donde los contenedores eran iniciados incorrectamente con capacidades de proceso Linux heredables no vacías, permitiendo a un atacante con acceso a programas con capacidades de archivo heredables elevar esas capacidades al conjunto permitido cuando execve(2) se ejecuta. • https://bugzilla.redhat.com/show_bug.cgi?id=2066840 https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b https://github.com/containers/buildah/security/advisories/GHSA-c3g4-w6cv-6v7h https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25YI27MENCEPZTTGRVU6BQD5V53FNI52 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VWH6X6HOFPO6HTESF42HIJZEPXSWVIO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org& • CWE-276: Incorrect Default Permissions •

CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0

CVE-2022-27649 – podman: Default inheritable capabilities for linux container should be empty

https://notcve.org/view.php?id=CVE-2022-27649

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. Se ha encontrado un fallo en Podman, donde los contenedores eran iniciados incorrectamente con permisos por defecto no vacíos. Se ha encontrado una vulnerabilidad en Moby (Docker Engine), donde los contenedores eran iniciados incorrectamente con capacidades de proceso Linux heredables no vacías. • https://bugzilla.redhat.com/show_bug.cgi?id=2066568 https://github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0 https://github.com/containers/podman/security/advisories/GHSA-qvf8-p83w-v58j https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org&#x • CWE-276: Incorrect Default Permissions •

CVSS: 3.6EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-35501

https://notcve.org/view.php?id=CVE-2020-35501

A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem Se ha encontrado un fallo en la implementación de reglas de auditoría en los kernels de Linux, donde una llamada al sistema puede no ser registrada correctamente por el subsistema de auditoría • https://bugzilla.redhat.com/show_bug.cgi?id=1908577 • CWE-863: Incorrect Authorization •

CVSS: 8.6EPSS: 0%CPEs: 27EXPL: 2

CVE-2022-1055 – Use after Free in tc_new_tfilter allowing for privilege escalation in Linux Kernel

https://notcve.org/view.php?id=CVE-2022-1055

A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 se presenta un uso de memoria previamente liberada en el Kernel de Linux en la función tc_new_tfilter que podría permitir a un atacante local alcanzar una escalada de privilegios. La explotación requiere espacios de nombres de usuarios no privilegiados. Recomendamos actualizar el commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 A use-after-free vulnerability was found in the tc_new_tfilter function in net/sched/cls_api.c in the Linux kernel. • http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 https://kernel.dance/#04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 https://security.netapp.com/advisory/ntap-20220506-0007 https://syzkaller.appspot.com/bug?id=2212474c958978ab86525fe6832ac8102c309ffc https://access.redhat.com/security/cve/CVE-2022-1055 https://bugzilla.redhat.com/show_bug.cgi?id=2070220 • CWE-416: Use After Free •

CVSS: 5.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2021-4189 – python: ftplib should not use the host from the PASV response

https://notcve.org/view.php?id=CVE-2021-4189

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. Se ha encontrado un fallo en Python, concretamente en la biblioteca del cliente FTP (File Transfer Protocol) en modo PASV (pasivo). • https://access.redhat.com/security/cve/CVE-2021-4189 https://bugs.python.org/issue43285 https://bugzilla.redhat.com/show_bug.cgi?id=2036020 https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://python-security.readthedocs.io/vuln/ftplib-pasv.html https://security-tracker.debian.org/tracker/CVE-2021-4189 https://security.netapp • CWE-252: Unchecked Return Value •