CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5536
https://notcve.org/view.php?id=CVE-2023-5536
A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password. Una característica en LXD (LP#1829071) afecta la configuración predeterminada de Ubuntu Server que permite a los usuarios privilegiados del grupo lxd escalar su privilegio a root sin requerir una contraseña sudo. • https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1829071 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5536 https://discourse.ubuntu.com/t/easy-multi-user-lxd-setup/26215/4 https://ubuntu.com/security/CVE-2023-5536 • CWE-276: Incorrect Default Permissions •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2021-3492 – Ubuntu linux kernel shiftfs file system double free vulnerability
https://notcve.org/view.php?id=CVE-2021-3492
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562. Shiftfs, un sistema de archivos de apilamiento fuera del árbol incluido en los kernels de Ubuntu Linux, no manejaba apropiadamente los fallos que ocurrían durante la función copy_from_user(). • https://github.com/synacktiv/CVE-2021-3492 http://packetstormsecurity.com/files/162614/Kernel-Live-Patch-Security-Notice-LSN-0077-1.html https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=25c891a949bf918b59cbc6e4932015ba4c35c333 https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=8fee52ab9da87d82bc6de9ebb3480fff9b4d53e6 https://ubuntu.com/security/notices/USN-4917-1 https://www.openwall.com/lists/oss-security/2021/04/16/2 https:&#x • CWE-401: Missing Release of Memory after Effective Lifetime CWE-415: Double Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 14CVE-2021-3493 – Linux Kernel Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-3493
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges. La implementación de overlayfs en el kernel de Linux no comprobó apropiadamente con respecto a los espacios de nombre de los usuarios, la configuración de las capacidades de los archivos en un sistema de archivos subyacente. Debido a la combinación de los espacios de nombre de usuarios no privilegiados junto con un parche incluido en el kernel de Ubuntu para permitir montajes de superposición no privilegiados, un atacante podría usar esto para alcanzar privilegios elevados The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation. • https://github.com/briskets/CVE-2021-3493 https://github.com/inspiringz/CVE-2021-3493 https://github.com/oneoy/CVE-2021-3493 https://github.com/cerodah/overlayFS-CVE-2021-3493 https://github.com/derek-turing/CVE-2021-3493 https://github.com/puckiestyle/CVE-2021-3493 https://github.com/smallkill/CVE-2021-3493 https://github.com/Abdennour-py/CVE-2021-3493 https://github.com/fei9747/CVE-2021-3493 https://github.com/ptkhai15/OverlayFS---CVE-2021-3493 https://git • CWE-270: Privilege Context Switching Error CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-16119 – DCCP CCID structure use-after-free
https://notcve.org/view.php?id=CVE-2020-16119
Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. Una vulnerabilidad de uso de la memoria previamente liberada en el kernel de Linux explotable por un atacante local debido a la reutilización de un socket DCCP con un objeto dccps_hc_tx_ccid adjunto como oyente después de ser liberado. Corregido en el kernel de Ubuntu Linux versiones 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 y 3.2.0-149.196 • https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/focal/commit/?id=01872cb896c76cedeabe93a08456976ab55ad695 https://launchpad.net/bugs/1883840 https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza%40canonical.com/T https://security.netapp.com/advisory/ntap-20210304-0006 https://ubuntu.com/USN-4576-1 https://ubuntu.com/USN-4 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 17EXPL: 1CVE-2020-7070 – PHP parses encoded cookie names so malicious `__Host-` cookies can be sent
https://notcve.org/view.php?id=CVE-2020-7070
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information. En PHP versiones 7.2.x por debajo de 7.2.34, versiones 7.3.x por debajo de 7.3.23 y versiones 7.4.x por debajo de 7.4.11, cuando PHP procesa valores de cookies HTTP entrantes, los nombres de las cookies se decodifican de la URL. Esto puede conllevar a que las cookies con prefijos como __Host se confundan con las cookies que decodifican dicho prefijo, lo que conlleva a que un atacante pueda falsificar una cookie que se supone que es segura. • http://cve.circl.lu/cve/CVE-2020-8184 http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html https://bugs.php.net/bug.php?id=79699 https://hackerone.com/reports/895727 https://lists.debian.org/debian-lts-announce/2020/10/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E https://lists.fedoraproject.org/archives/list/ • CWE-20: Improper Input Validation CWE-565: Reliance on Cookies without Validation and Integrity Checking •