CVE-2022-2568 – Ansible: Logic flaw leads to privilage escalation
https://notcve.org/view.php?id=CVE-2022-2568
A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges. Se ha encontrado un fallo de escalada de privilegios en Ansible Automation Platform. Este fallo permite a un usuario remoto autenticado con permisos de tipo "change user" modificar la configuración de la cuenta de superusuario y también eliminar los privilegios de superusuario. • https://bugzilla.redhat.com/show_bug.cgi?id=2108653 https://access.redhat.com/security/cve/CVE-2022-2568 • CWE-269: Improper Privilege Management •
CVE-2021-4112 – ansible-tower: Privilege escalation via job isolation escape
https://notcve.org/view.php?id=CVE-2021-4112
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment. Se ha encontrado un fallo en ansible-tower en el que la instalación por defecto es vulnerable al escape de aislamiento de trabajos. Este fallo permite a un atacante elevar el privilegio de un usuario con pocos privilegios a un usuario AWX desde fuera del entorno aislado. • https://access.redhat.com/security/cve/CVE-2021-4112 https://bugzilla.redhat.com/show_bug.cgi?id=2028121 • CWE-552: Files or Directories Accessible to External Parties •
CVE-2020-0603 – dotnet: Memory Corruption in SignalR
https://notcve.org/view.php?id=CVE-2020-0603
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota en el software ASP.NET Core cuando el software presenta un fallo al manejar los objetos en memoria. Un atacante que explotó con éxito la vulnerabilidad podría ejecutar código arbitrario en el contexto del usuario actual, también se conoce como "ASP.NET Core Remote Code Execution Vulnerability". A memory corruption flaw was found in ASP.NET core. A client can write to freed memory on the server which could result in undefined behavior. • https://access.redhat.com/errata/RHSA-2020:0130 https://access.redhat.com/errata/RHSA-2020:0134 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603 https://access.redhat.com/security/cve/CVE-2020-0603 https://bugzilla.redhat.com/show_bug.cgi?id=1789624 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2020-0602 – dotnet: Denial of service via backpressure issue
https://notcve.org/view.php?id=CVE-2020-0602
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. Se presenta una vulnerabilidad de denegación de servicio cuando ASP.NET Core maneja inapropiadamente las peticiones web, también se conoce como "ASP.NET Core Denial of Service Vulnerability". A denial of service flaw was found in ASP.NET Core. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted requests to an ASP.NET Core application. The highest threat from this flaw is system availability. • https://access.redhat.com/errata/RHSA-2020:0130 https://access.redhat.com/errata/RHSA-2020:0134 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602 https://access.redhat.com/security/cve/CVE-2020-0602 https://bugzilla.redhat.com/show_bug.cgi?id=1789623 • CWE-400: Uncontrolled Resource Consumption •
CVE-2019-0820 – dotnet: timeouts for regular expressions are not enforced
https://notcve.org/view.php?id=CVE-2019-0820
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981. Existe una vulnerabilidad de Denegación de Servicio (DoS) cuando .NET Framework y .NET Core procesan inapropiadamente cadenas RegEx, conocidas como ".NET Framework y .NET Core Denial of Service Vulnerability". Este ID de CVE es diferente de CVE-2019-0980, CVE-2019-0981. • https://access.redhat.com/errata/RHSA-2019:1259 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820 https://access.redhat.com/security/cve/CVE-2019-0820 https://bugzilla.redhat.com/show_bug.cgi?id=1705506 • CWE-400: Uncontrolled Resource Consumption •