CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0358 – QEMU: virtiofsd: potential privilege escalation via CVE-2018-13405
https://notcve.org/view.php?id=CVE-2022-0358
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system. • https://access.redhat.com/security/cve/CVE-2022-0358 https://bugzilla.redhat.com/show_bug.cgi?id=2044863 https://gitlab.com/qemu-project/qemu/-/commit/449e8171f96a6a944d1f3b7d3627ae059eae21ca https://security.netapp.com/advisory/ntap-20221007-0008 • CWE-273: Improper Check for Dropped Privileges •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 1CVE-2021-4158 – QEMU: NULL pointer dereference in pci_write() in hw/acpi/pcihp.c
https://notcve.org/view.php?id=CVE-2021-4158
A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. Se ha encontrado un problema de desreferencia de puntero NULL en el código ACPI de QEMU. Un usuario malicioso y con privilegios dentro del huésped podía usar este fallo para bloquear el proceso de QEMU en el host, resultando en una situación de denegación de servicio. • https://access.redhat.com/security/cve/CVE-2021-4158 https://bugzilla.redhat.com/show_bug.cgi?id=2035002 https://gitlab.com/qemu-project/qemu/-/commit/9bd6565ccee68f72d5012e24646e12a1c662827e https://gitlab.com/qemu-project/qemu/-/issues/770 https://www.mail-archive.com/qemu-devel%40nongnu.org/msg857944.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0CVE-2021-3700
https://notcve.org/view.php?id=CVE-2021-3700
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination. Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en usbredir en versiones anteriores a 0.11.0, en la función usbredirparser_serialize() en el archivo usbredirparser/usbredirparser.c. Este problema es producido cuando son serializados grandes cantidades de datos de escritura en búfer en el caso de un destino lento o bloqueado • https://bugzilla.redhat.com/show_bug.cgi?id=1992830 https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba https://lists.debian.org/debian-lts-announce/2022/03/msg00030.html • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2021-3596
https://notcve.org/view.php?id=CVE-2021-3596
A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault. Se ha encontrado un fallo de desreferencia de puntero NULL en ImageMagick en versiones anteriores a 7.0.10-31 en la función ReadSVGImage() en el archivo coders/svg.c. Este problema es debido a que no es comprobado el valor de retorno de xmlCreatePushParserCtxt() de libxml2 y es usado el valor directamente, conllevando a un fallo de bloqueo y segmentación • https://bugzilla.redhat.com/show_bug.cgi?id=1970569 https://github.com/ImageMagick/ImageMagick/issues/2624 https://lists.debian.org/debian-lts-announce/2022/05/msg00018.html https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3610
https://notcve.org/view.php?id=CVE-2021-3610
A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault. Se ha encontrado una vulnerabilidad de desbordamiento de búfer en la región heap de la memoria en ImageMagick en las versiones anteriores a 7.0.11-14 en la función ReadTIFFImage() en el archivo coders/tiff.c. Este problema es debido a un ajuste incorrecto del tamaño de la matriz de píxeles, que puede conllevar un fallo de bloqueo y segmentación • http://www.openwall.com/lists/oss-security/2023/05/29/4 http://www.openwall.com/lists/oss-security/2023/06/05/1 https://bugzilla.redhat.com/show_bug.cgi?id=1973689 https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •