CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2024-0408 – Xorg-x11-server: selinux unlabeled glx pbuffer
https://notcve.org/view.php?id=CVE-2024-0408
A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL. Se encontró una falla en el servidor X.Org. El código GLX PBuffer no llama al gancho XACE al crear el búfer, dejándolo sin etiquetar. • https://access.redhat.com/errata/RHSA-2024:0320 https://access.redhat.com/errata/RHSA-2024:2169 https://access.redhat.com/errata/RHSA-2024:2170 https://access.redhat.com/errata/RHSA-2024:2995 https://access.redhat.com/errata/RHSA-2024:2996 https://access.redhat.com/security/cve/CVE-2024-0408 https://bugzilla.redhat.com/show_bug.cgi?id=2257689 https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce@lists& • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2024-0409 – Xorg-x11-server: selinux context corruption
https://notcve.org/view.php?id=CVE-2024-0409
A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context. Se encontró una falla en el servidor X.Org. El código del cursor tanto en Xephyr como en Xwayland utiliza el tipo incorrecto de privado en el momento de la creación. • https://access.redhat.com/errata/RHSA-2024:0320 https://access.redhat.com/errata/RHSA-2024:2169 https://access.redhat.com/errata/RHSA-2024:2170 https://access.redhat.com/errata/RHSA-2024:2995 https://access.redhat.com/errata/RHSA-2024:2996 https://access.redhat.com/security/cve/CVE-2024-0409 https://bugzilla.redhat.com/show_bug.cgi?id=2257690 https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce@lists& • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 34CVE-2021-4034 – Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
https://notcve.org/view.php?id=CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. • https://github.com/dzonerzy/poc-cve-2021-4034 https://github.com/arthepsy/CVE-2021-4034 https://github.com/berdav/CVE-2021-4034 https://www.exploit-db.com/exploits/50689 https://github.com/PwnFunction/CVE-2021-4034 https://github.com/joeammond/CVE-2021-4034 https://github.com/nikaiw/CVE-2021-4034 https://github.com/ryaagard/CVE-2021-4034 https://github.com/Rvn0xsy/CVE-2021-4034 https://github.com/Ayrx/CVE-2021-4034 https://github.com/zhzyker/CVE-2021-4034& • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2019-13762 – chromium-browser: Insufficient policy enforcement in downloads
https://notcve.org/view.php?id=CVE-2019-13762
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code. Una aplicación de política insuficiente en downloads en Google Chrome en Windows versiones anteriores a la versión 79.0.3945.79, permitió a un atacante local falsificar los archivos descargados por medio de un código local. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html https://access.redhat.com/errata/RHSA-2019:4238 https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html https://crbug.com/1004212 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m • CWE-667: Improper Locking •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2019-13763 – chromium-browser: Insufficient policy enforcement in payments
https://notcve.org/view.php?id=CVE-2019-13763
Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Una aplicación de política insuficiente en payments en Google Chrome versiones anteriores a 79.0.3945.79, permitió a un atacante remoto, que había comprometido el proceso del renderizador, filtrar datos de origen cruzado por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html https://access.redhat.com/errata/RHSA-2019:4238 https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html https://crbug.com/1011600 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2Z5M4FPUMDNX2LDPHJKN5ZV5GIS2AKNU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/m •