5 results (0.029 seconds)

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2022-48658 – mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context.

https://notcve.org/view.php?id=CVE-2022-48658

Eventos WQ_MEM_RECLAIM:flush_cpu_slab ADVERTENCIA: CPU: 37 PID: 410 en kernel/workqueue.c:2637 check_flush_dependency+0x10a/0x120 Cola de trabajo: vme-delete-wq nvme_delete_ctrl_work [ nvme_core] RIP: 0010:check_flush_dependency+0x10a/0x120[ 453.262125] Seguimiento de llamadas: __flush_work.isra.0+0xbf/0x220? • https://git.kernel.org/stable/c/5a836bf6b09f99ead1b69457ff39ab3011ece57b https://git.kernel.org/stable/c/61703b248be993eb4997b00ae5d3318e6d8f3c5b https://git.kernel.org/stable/c/df6cb39335cf5a1b918e8dbd8ba7cd9f1d00e45a https://git.kernel.org/stable/c/e45cc288724f0cfd497bb5920bcfa60caa335729 •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-1500 – Cisco Webex Video Mesh Arbitrary Site Redirection Vulnerability

https://notcve.org/view.php?id=CVE-2021-1500

A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to persuade users to unknowingly visit malicious sites. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmesh-openred-AGNRmf5 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 1

CVE-2015-4523 – Oracle VM VirtualBox 4.3.6 - 3D Acceleration Virtual Machine Escape

https://notcve.org/view.php?id=CVE-2015-4523

Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis. Blue Coat Malware Analysis Appliance (MAA) en versiones anteriores a la 4.2.5 y Malware Analyzer G2 permiten a los atacantes remotos omitir un mecanismo de protección de máquinas virtuales y, como consecuencia, modificar archivos arbitrarios, provocar una denegación de servicio (reinicio del host o restauración a valores de fábrica) o ejecutar código arbitrario mediante vectores relacionados con el guardado de archivos durante un análisis. • https://www.exploit-db.com/exploits/34334 https://bto.bluecoat.com/security-advisory/sa97 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.9EPSS: 0%CPEs: 18EXPL: 1

CVE-2017-4901 – VMware WorkStation 12.5.5 - Virtual Machine Escape

https://notcve.org/view.php?id=CVE-2017-4901

The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion. La función drag-and-drop (DnD) en Workstation versiones 12.x y anteriores a 12.5.4 y Fusion versiones 8.x y anteriores a 8.5.5 de VMware, presenta una vulnerabilidad de acceso a la memoria fuera de límites. Esto puede permitir que un invitado ejecute código en el sistema operativo que ejecuta Workstation o Fusion. • https://www.exploit-db.com/exploits/47714 http://www.securityfocus.com/bid/96881 http://www.securitytracker.com/id/1038025 https://www.vmware.com/security/advisories/VMSA-2017-0005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.9EPSS: 0%CPEs: 15EXPL: 6

CVE-2014-0983 – VirtualBox 3D Acceleration Virtual Machine Escape

https://notcve.org/view.php?id=CVE-2014-0983

Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function. Múltiples errores de índice de matriz en programas que son generados automáticamente por la biblioteca VBox/HostServices/ SharedOpenGL/crserverlib/server_dispatch.py ??en Oracle VirtualBox versiones 4.2.x hasta 4.2.20 y versiones 4.3.x anteriores a 4.3.8, cuando se usa la aceleración 3D, permite a usuarios del SO invitado local ejecutar código arbitrario en el servidor Chromium por medio de ciertos mensajes CR_MESSAGE_OPCODES con un índice diseñado, que no está apropiadamente manejado por el (1) CR_VERTEXATTRIB4NUBARB_OPCODE en la función crServerDispatchVertexAttrib4NubARB, (2) CR_VERTEXATTRIB1DARB_OPCODEen la función crServerDispatchVertexAttrib1dARB, (3) CR_VERTEXATTRIB1FARB_OPCODE en la crServerDispatchVertexAttrib1fARB función, (4) CR_VERTEXATTRIB1SARB_OPCODE en la función crServerDispatchVertexAttrib1sARB, (5) CR_VERTEXATTRIB2DARB_OPCODE en la función crServerDispatchVertexAttrib2dARB, (6) CR_VERTEXATTRIB2FARB_OPCODE en la función crServerDispatchVertexAttrib2fARB, (7) CR_VERTEXATTRIB2SARB_OPCODE en la función crServerDispatchVertexAttrib2sARB, (8) CR_ VERTEXATTRIB3DARB_OPCODE en la función crServerDispatchVertexAttrib3dARB, (9) CR_VERTEXATTRIB3FARB_OPCODE en la función crServerDispatchVertexAttrib3fARB, (10) CR_VERTEXATTRIB3SARB_OPCODE en la función crServerDispatchVertexAttrib3sARB, (11) CR_VERTEXATTRIB4DARB_OPCODE en la función crServerDispatchVertexAttrib4dARB, (12) CR_VERTEXATTRIB4FARB_OPCODE en la función crServerDispatchVertexAttrib4fARB, y (13) CR_VERTEXATTRIB4SARB_OPCODE en la función crServerDispatchVertexAttrib4sARB. • https://www.exploit-db.com/exploits/32208 https://www.exploit-db.com/exploits/34334 http://seclists.org/fulldisclosure/2014/Mar/95 http://secunia.com/advisories/57384 http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities http://www.debian.org/security/2014/dsa-2904 http://www.exploit-db.com/exploits/32208 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.securityfocus.com/archive/1/531418/100/0&# • CWE-399: Resource Management Errors •