5 results

CVSS: 8.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

A vulnerability in the label-based access control of Grafana Labs Grafana Enterprise Metrics allows an attacker more access than intended. If an access policy which has label selector restrictions also has been granted access to all tenants in the system, the label selector restrictions will not be applied when using this policy with the affected versions of the software. This issue affects: Grafana Labs Grafana Enterprise Metrics GEM 1.X versions prior to 1.7.1 on AMD64; GEM 2.X versions prior to 2.3.1 on AMD64. • https://grafana.com/docs/enterprise-metrics/v2.4.x/downloads/#v171----november-14th-2022 https://grafana.com/docs/enterprise-metrics/v2.4.x/downloads/#v231----november-14th-2022 •

CVSS: 7.2 | EPSS: 0% | CPEs: 3 | EXPL: 0

The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an extra swapgs call after a General Protection Fault (GPF), which allows local users to gain privileges by triggering a GPF during the kernel's return from (1) an interrupt, (2) a trap, or (3) a system call. • http://secunia.com/advisories/31743 http://security.freebsd.org/advisories/FreeBSD-SA-08:07.amd64.asc http://www.securityfocus.com/bid/31003 http://www.securitytracker.com/id?1020815 https://exchange.xforce.ibmcloud.com/vulnerabilities/44905 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.9 | EPSS: 0% | CPEs: 5 | EXPL: 0

Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls. • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html http://secunia.com/advisories/30112 http://secunia.com/advisories/30252 http://secunia.com/advisories/30294 http://secunia.com • CWE-399: Resource Management Errors •

CVSS: 4.7 | EPSS: 0% | CPEs: 4 | EXPL: 0

Unspecified vulnerability in the "stack unwinder fixes" in kernel in Red Hat Enterprise Linux 5, when running on AMD64 and Intel 64, allows local users to cause a denial of service via unknown vectors. • http://osvdb.org/45489 http://secunia.com/advisories/27322 http://securitytracker.com/id?1018844 http://www.redhat.com/support/errata/RHSA-2007-0940.html http://www.securityfocus.com/bid/26158 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10681 https://access.redhat.com/security/cve/CVE-2007-4574 https://bugzilla.redhat.com/show_bug.cgi?id=298141 •

CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc • CWE-909: Missing Initialization of Resource •