- NGINX EXPLOIT
- nginx/1.20.1
- GOVERNMENT OF UZBEKISTAN
- https://gps.103.gov.uz/
- HIGH SEVERITY
- Use After Free
- Vulnerable module: glibc/libc-bin
- Introduced through: glibc/libc-bin@2.28-10 and glibc/libc6@2.28-10
- Detailed paths
- Introduced through: nginx@1.20.1 › glibc/libc-bin@2.28-10
- Introduced through: nginx@1.20.1 › glibc/libc6@2.28-10
- NVD Description
- Note: Versions mentioned in the description apply to the upstream glibc package.
- The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
- Use After Free vulnerability report
- HIGH SEVERITY
- Integer Overflow or Wraparound
- Vulnerable module: glibc/libc-bin
- Introduced through: glibc/libc-bin@2.28-10 and glibc/libc6@2.28-10
- Detailed paths
- Introduced through: nginx@1.20.1 › glibc/libc-bin@2.28-10
- Introduced through: nginx@1.20.1 › glibc/libc6@2.28-10
- NVD Description
- Note: Versions mentioned in the description apply to the upstream glibc package.
- The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
- Integer Overflow or Wraparound vulnerability report
- HIGH SEVERITY
- Double Free
- Vulnerable module: icu/libicu63
- Introduced through: icu/libicu63@63.1-6+deb10u1
- Detailed paths
- Introduced through: nginx@1.20.1 › icu/libicu63@63.1-6+deb10u1
- NVD Description
- Note: Versions mentioned in the description apply to the upstream icu package.
- Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- Double Free vulnerability report
- HIGH SEVERITY
- Information Exposure
- Vulnerable module: gcc-8/gcc-8-base
- Introduced through: gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 and others
- Detailed paths
- Introduced through: nginx@1.20.1 › gcc-8/gcc-8-base@8.3.0-6
- Introduced through: nginx@1.20.1 › gcc-8/libgcc1@1:8.3.0-6
- Introduced through: nginx@1.20.1 › gcc-8/libstdc++6@8.3.0-6
- NVD Description
- Note: Versions mentioned in the description apply to the upstream gcc-8 package.
- stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.
- HIGH SEVERITY
- Incorrect Privilege Assignment
- Vulnerable module: systemd/libsystemd0
- Introduced through: systemd/libsystemd0@241-7~deb10u8 and systemd/libudev1@241-7~deb10u8
- Detailed paths
- Introduced through: nginx@1.20.1 › systemd/libsystemd0@241-7~deb10u8
- Introduced through: nginx@1.20.1 › systemd/libudev1@241-7~deb10u8
- NVD Description
- Note: Versions mentioned in the description apply to the upstream systemd package.
- It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled.
- Incorrect Privilege Assignment vulnerability report
- HIGH SEVERITY
- Privilege Chaining
- Vulnerable module: systemd/libsystemd0
- Introduced through: systemd/libsystemd0@241-7~deb10u8 and systemd/libudev1@241-7~deb10u8
- Detailed paths
- Introduced through: nginx@1.20.1 › systemd/libsystemd0@241-7~deb10u8
- Introduced through: nginx@1.20.1 › systemd/libudev1@241-7~deb10u8
- NVD Description
- Note: Versions mentioned in the description apply to the upstream systemd package.
- It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.
- Privilege Chaining vulnerability report
- HIGH SEVERITY
- Cleartext Transmission of Sensitive Information
- Vulnerable module: curl
- Introduced through: curl@7.64.0-4+deb10u2 and curl/libcurl4@7.64.0-4+deb10u2
- Detailed paths
- Introduced through: nginx@1.20.1 › curl@7.64.0-4+deb10u2
- Introduced through: nginx@1.20.1 › curl/libcurl4@7.64.0-4+deb10u2
- NVD Description
- Note: Versions mentioned in the description apply to the upstream curl package.
- A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (--ssl-reqd on the command line or CURLOPT_USE_SSL set to CURLUSESSL_CONTROL or CURLUSESSL_ALL with libcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response. This flaw would then make curl silently continue its operations without TLS contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.
- HIGH SEVERITY
- Insufficient Entropy
- Vulnerable module: gcc-8/gcc-8-base
- Introduced through: gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 and others
- Detailed paths
- Introduced through: nginx@1.20.1 › gcc-8/gcc-8-base@8.3.0-6
- Introduced through: nginx@1.20.1 › gcc-8/libgcc1@1:8.3.0-6
- Introduced through: nginx@1.20.1 › gcc-8/libstdc++6@8.3.0-6
- NVD Description
- Note: Versions mentioned in the description apply to the upstream gcc-8 package.
- The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.
- Insufficient Entropy vulnerability report
- HIGH SEVERITY
- Reachable Assertion
- Vulnerable module: glibc/libc-bin
- Introduced through: glibc/libc-bin@2.28-10 and glibc/libc6@2.28-10
- Detailed paths
- Introduced through: nginx@1.20.1 › glibc/libc-bin@2.28-10
- Introduced through: nginx@1.20.1 › glibc/libc6@2.28-10
- NVD Description
- Note: Versions mentioned in the description apply to the upstream glibc package.
- The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
- #GhostSec
- #WhosYourDaddySec