CVE-2022-0179
Published 2022-01-12
CVE-2022-0179: Missing Authorization in snipe/snipe-it
snipe-it is vulnerable to Missing Authorization
Medium 5.4 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.64% (46.0th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| snipe | snipe-it | >= 0 < 5.3.7 | 5.3.7 |
| snipe | snipe_snipe-it | >= unspecified < 5.3.6 | 5.3.6 |
CVSS provenance
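| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
| nvd | v3.0 | 6.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| nvd | v2.0 | 4.9 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:N |
| cvelistv5 | | 5.4 | MEDIUM | |
| osv | | 7.8 | HIGH | |
| cisa | | 5.9 | MEDIUM | |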
OSV
linux-oem-6.1 vulnerabilities
osv·2023-02-09·CVSS 7.0
CVE-2023-0179 linux-oem-6.1 vulnerabilities
Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel
did not properly handle VLAN headers in some situations. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-0179)
Hu Jiahui discovered that multiple race conditions existed in the Advanced
Linux Sound Architecture (ALSA) framework, leading to use-after-free
vulnerabilities. A local attacker could use these to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2022-1048)
It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitra
OSV
linux-oem-5.17 vulnerabilities
osv·2023-02-09·CVSS 7.8
CVE-2023-0179 linux-oem-5.17 vulnerabilities
Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel
did not properly handle VLAN headers in some situations. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-0179)
It was discovered that the Netronome Ethernet driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3545)
Tamás Koczka discovered that the Bluetooth L2CAP implementation in the
Linux kernel did not properly initialize memory in some situations. A
physically proximate attacker could possibly use this to expose sensitive
information (kernel memory). (CVE-2022-42895)
I
OSV
linux-oem-5.14 vulnerabilities
osv·2023-02-09·CVSS 7.8
CVE-2023-0179 linux-oem-5.14 vulnerabilities
Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel
did not properly handle VLAN headers in some situations. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-0179)
It was discovered that the Netronome Ethernet driver in the Linux kernel
contained a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3545)
It was discovered that the Intel i915 graphics driver in the Linux kernel
did not perform a GPU TLB flush in some situations. A local attacker could
use this to cause a denial of service or possibly execute arbitrary code.
(CVE-2022-4139)
Tamás Koczka discovered
OSV
Incorrect Default Permissions and Improper Access Control in snipe-it
osv·2022-01-21
CVE-2022-0179 [MEDIUM] Incorrect Default Permissions and Improper Access Control in snipe-it
snipe-it is vulnerable to Improper Access Control/Incorrect Default Permissions.
GHSA
Incorrect Default Permissions and Improper Access Control in snipe-it
ghsa·2022-01-21
CVE-2022-0179 [MEDIUM] CWE-276 Incorrect Default Permissions and Improper Access Control in snipe-it
snipe-it is vulnerable to Improper Access Control/Incorrect Default Permissions.
CVEList
Missing Authorization in snipe/snipe-it
cvelistv5·2022-01-12·CVSS 5.4
CVE-2022-0179 [MEDIUM] CWE-862 Missing Authorization in snipe/snipe-it
snipe-it is vulnerable to Missing Authorization
CISA
Cisco IOS Software Denial-of-Service Vulnerability
cisa·2022-03-03·CVSS 5.9
CVE-2018-0179 [MEDIUM] CWE-399 Cisco IOS Software Denial-of-Service Vulnerability
Vulnerability: Cisco IOS Software Denial-of-Service Vulnerability
Affected: Cisco IOS Software
A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-0179
Remediation Due Date: 2022-03-17
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-01-12