CVSS: 9.9EPSS: 22%CPEs: 42EXPL: 3CVE-2021-44142 – Samba fruit_pwrite Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44142
01 Feb 2022 — The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. El módulo vfs_fruit de S... • https://github.com/horizon3ai/CVE-2021-44142 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-10751 – kernel: SELinux netlink permission check bypass
https://notcve.org/view.php?id=CVE-2020-10751
26 May 2020 — A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. Se detectó un fallo en la implementación del enlace SELinux LSM de kernels de Linux versiones anteriores a 5.7, donde se asumía incorrectamente ... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html • CWE-345: Insufficient Verification of Data Authenticity CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •
CVSS: 8.8EPSS: 0%CPEs: 757EXPL: 0CVE-2019-0155 – hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write
https://notcve.org/view.php?id=CVE-2019-0155
12 Nov 2019 — Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka... • http://packetstormsecurity.com/files/155375/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-0205 – thrift: Endless loop when feed with specific input data
https://notcve.org/view.php?id=CVE-2019-0205
28 Oct 2019 — In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings. En Apache Thrift, todas las versiones hasta 0.12.0 incluyéndola, un servidor o cliente pueden correr en un bucle sin fin cuando es alimentado con datos de entrada específicos. Debido a que el problema ya se había soluciona... • http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3CVI1PR0101MB2142E0EA19F582429C3AEBCBB1920%40VI1PR0101MB2142.eurprd01.prod.exchangelabs.com%3E • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-0210 – thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
https://notcve.org/view.php?id=CVE-2019-0210
28 Oct 2019 — In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data. En Apache Thrift versiones 0.9.3 hasta 0.12.0, un servidor implementado en Go usando TJSONProtocol o TSimpleJSONProtocol puede entrar en pánico cuando es alimentado con datos de entrada no válidos. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterpris... • http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E • CWE-125: Out-of-bounds Read •
CVSS: 9.0EPSS: 84%CPEs: 47EXPL: 29CVE-2019-14287 – sudo 1.8.27 - Security Bypass
https://notcve.org/view.php?id=CVE-2019-14287
15 Oct 2019 — In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. En Sudo anteriores a 1.8.28, un atacante con acceso a una cuenta Runas ALL sudoer puede omitir ciertas listas negras de políticas y módulos PAM de sesión, y puede causar un registro... • https://www.exploit-db.com/exploits/47502 • CWE-267: Privilege Defined With Unsafe Actions CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.4EPSS: 0%CPEs: 32EXPL: 1CVE-2019-14823 – JSS: OCSP policy "Leaf and Chain" implicitly trusts the root certificate
https://notcve.org/view.php?id=CVE-2019-14823
14 Oct 2019 — A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle. Se detectó un fallo en la implementación de la política OCSP "Leaf and Chain" en las versiones de CryptoManager de JSS versiones posteriores a 4.4.6, 4.5.3, 4.6.0, donde confiaba implíci... • https://access.redhat.com/errata/RHSA-2019:3067 • CWE-295: Improper Certificate Validation CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 9.8EPSS: 1%CPEs: 51EXPL: 0CVE-2019-17531 – jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.*
https://notcve.org/view.php?id=CVE-2019-17531
12 Oct 2019 — A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload. Se detectó un problema de escritura polimórfica en FasterXML jackson-databind versiones 2.0.0 hasta 2.9... • https://access.redhat.com/errata/RHSA-2019:4192 • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2019-14846 – ansible: secrets disclosed on logs when no_log enabled
https://notcve.org/view.php?id=CVE-2019-14846
08 Oct 2019 — In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process. En Ansible, todas las versiones de Ansible Engine hasta ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, se registraban en el nivel DEBUG, lo que ... • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html • CWE-117: Improper Output Neutralization for Logs CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 1%CPEs: 62EXPL: 0CVE-2019-16943 – jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource
https://notcve.org/view.php?id=CVE-2019-16943
01 Oct 2019 — A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling. Se descubrió un problema de escritura poli... • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-502: Deserialization of Untrusted Data •