what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2021-4037

Status Candidate

Overview

A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.

Related Files

Debian Security Advisory 5257-1
Posted Oct 18, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5257-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2021-4037, CVE-2022-0171, CVE-2022-1184, CVE-2022-20421, CVE-2022-2602, CVE-2022-2663, CVE-2022-3061, CVE-2022-3176, CVE-2022-3303, CVE-2022-39188, CVE-2022-39842, CVE-2022-40307, CVE-2022-41674, CVE-2022-42719
SHA-256 | 385b8e712c28212598cf6de49f53f7eb2478d700f61c475c37b978c92ef570db
Ubuntu Security Notice USN-5650-1
Posted Oct 1, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5650-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-33655, CVE-2021-33656, CVE-2021-4037, CVE-2022-0850, CVE-2022-1199, CVE-2022-1204, CVE-2022-1729, CVE-2022-20368, CVE-2022-2639, CVE-2022-2964, CVE-2022-2978, CVE-2022-3028, CVE-2022-3202, CVE-2022-36946
SHA-256 | a632d5cd01e37da5d6b95bdc8fbe10f589561b1c98bfa15fbef375169d7f4e19
Red Hat Security Advisory 2022-4956-01
Posted Jun 9, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4956-01 - Red Hat Advanced Cluster Management for Kubernetes 2.5.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include privilege escalation and traversal vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2020-0404, CVE-2020-13974, CVE-2020-19131, CVE-2020-27820, CVE-2020-4788, CVE-2021-0941, CVE-2021-20322, CVE-2021-21781, CVE-2021-26401, CVE-2021-29154, CVE-2021-3612, CVE-2021-3634, CVE-2021-3669, CVE-2021-37159, CVE-2021-3737, CVE-2021-3743, CVE-2021-3744, CVE-2021-3752, CVE-2021-3759, CVE-2021-3764, CVE-2021-3772, CVE-2021-3773, CVE-2021-3918, CVE-2021-4002, CVE-2021-4037, CVE-2021-4083, CVE-2021-41190, CVE-2021-4157
SHA-256 | 878315e02041e8cdde9d1b5e67ed064f3cf0e6605b2eb860d63e94f3d703f519
Red Hat Security Advisory 2022-4835-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4835-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2021-20322, CVE-2021-4037, CVE-2022-27666
SHA-256 | 95e6988a22aa68f0965fe8c0ed0beb190a989b46f0cb37acca9c9c1cbf977f6e
Red Hat Security Advisory 2022-4829-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4829-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2021-20322, CVE-2021-4037, CVE-2022-27666
SHA-256 | ad0fd43064be22bb37ddd07867ae9d80aa8c4098cb6cb7b6d692807f50259921
Red Hat Security Advisory 2022-1988-01
Posted May 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1988-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, denial of service, information leakage, integer overflow, memory leak, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability, memory leak
systems | linux, redhat
advisories | CVE-2020-0404, CVE-2020-13974, CVE-2020-27820, CVE-2020-4788, CVE-2021-0941, CVE-2021-20322, CVE-2021-21781, CVE-2021-26401, CVE-2021-29154, CVE-2021-3612, CVE-2021-3669, CVE-2021-37159, CVE-2021-3743, CVE-2021-3744, CVE-2021-3752, CVE-2021-3759, CVE-2021-3764, CVE-2021-3772, CVE-2021-3773, CVE-2021-4002, CVE-2021-4037, CVE-2021-4083, CVE-2021-4157, CVE-2021-41864, CVE-2021-4197, CVE-2021-4203, CVE-2021-42739, CVE-2021-4305
SHA-256 | 37a2bc5df5427ed04000a8d10823bd2aed8f25a960acdbe741e5cfa028d617df
Red Hat Security Advisory 2022-1975-01
Posted May 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1975-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, denial of service, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-0404, CVE-2020-13974, CVE-2020-27820, CVE-2021-0941, CVE-2021-20322, CVE-2021-26401, CVE-2021-29154, CVE-2021-3612, CVE-2021-3669, CVE-2021-37159, CVE-2021-3743, CVE-2021-3744, CVE-2021-3752, CVE-2021-3759, CVE-2021-3764, CVE-2021-3772, CVE-2021-3773, CVE-2021-4002, CVE-2021-4037, CVE-2021-4083, CVE-2021-4157, CVE-2021-41864, CVE-2021-4197, CVE-2021-4203, CVE-2021-42739, CVE-2021-43389, CVE-2021-43976
SHA-256 | 76e7a83f67a9594d044f0555940c9cdc95fcacfd7cb6fe3ce07a4e4115106e22
GridPro Request Management For Windows Azure Pack 2.0.7905 Directory Traversal
Posted Oct 25, 2021
Authored by Giulian Guran

GridPro Request Management for Windows Azure Pack versions 2.0.7905 and below suffer from a traversal vulnerability that can allow for arbitrary execution of Powershell scripts.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2021-40371
SHA-256 | 513dd9d3220aed0443768d76d63650e8af9dc973885a471803f11ba9b1c10d5c
Compro Technology IP Camera RTSP Stream Disclosure
Posted Sep 2, 2021
Authored by icekam, Rainbow, tfsec, xiao13

Compro Technology IP Camera suffers from an unauthenticated RTSP stream disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2021-40379
SHA-256 | dc4167cf619ab2d036f1bf82ecffc0493f25e332bd17332a664e6b5700b503af
Compro Technology IP Camera Denial Of Service
Posted Sep 2, 2021
Authored by icekam, Rainbow, tfsec, xiao13

Compro Technology IP Camera suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2021-40378
SHA-256 | 42e847c16bcb82767f5c02370a780af49aa061225fc5e8a1fb7896c43a65a2c0
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close