Page 107 of 765 results (0.008 seconds)

CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 2

An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture. It ignores the top byte in the address passed to the brk system call, potentially moving the memory break downwards when the application expects it to move upwards, aka CID-dcde237319e6. This has been observed to cause heap corruption with the GNU C Library malloc implementation. Se detectó un problema en el kernel de Linux versión 5.4 y versiones 5.5 hasta 5.5.6 sobre la arquitectura AArch64. Ignora el byte superior en la dirección pasada a la llamada de sistema brk, posiblemente moviendo la memoria hacia abajo cuando la aplicación espera que se mueva hacia arriba, también se conoce como CID-dcde237319e6. • http://www.openwall.com/lists/oss-security/2020/02/25/6 https://bugzilla.redhat.com/show_bug.cgi?id=1797052 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dcde237319e626d1ec3c9d8b7613032f0fd4663a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4LH35HOPBJIKYHYFXMBBM75DN75PZHZ https://security.netapp.com/advisory/ntap-20200313-0003 • CWE-787: Out-of-bounds Write •

CVSS: 7.1EPSS: 0%CPEs: 18EXPL: 0

An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2. Se detectó un problema en el kernel de Linux versión 3.16 hasta la versión 5.5.6. La función set_fdc en el archivo drivers/block/floppy.c, conlleva a una lectura fuera de límites de wait_til_ready porque el índice FDC no es comprobado para errores antes de asignarlos, también se conoce como CID-2e90ca68b0d2 An out-of-bounds (OOB) memory access flaw was found in the floppy driver module in the Linux kernel. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00039.html https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=2f9ac30a54dc0181ddac3705cdcf4775d863c530 https://github.com/torvalds/linux/commit/2e90ca68b0d2f5548804f22f0dd61145516171e3 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://security.netapp.com/advisory/ntap& • CWE-125: Out-of-bounds Read •

CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0

ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size. La función ext4_protect_reserved_inode en el archivo fs/ext4/block_validity.c en el kernel de Linux versiones hasta 5.5.3, permite a atacantes causar una denegación de servicio (soft lockup) por medio de un journal size diseñado. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://patchwork.ozlabs.org/patch/1236118 https://security.netapp.com/advisory/ntap-20200313-0003 https://usn.ubuntu.com/4318-1 https://usn.ubuntu.com/4324-1 https://usn.ubuntu.com/4342-1 https://usn.ubuntu.com/4344-1 https://usn.ubuntu.com/4419-1 • CWE-400: Uncontrolled Resource Consumption CWE-834: Excessive Iteration •

CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 1

There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c. Se presenta una vulnerabilidad de uso de la memoria previamente liberada en el kernel de Linux versiones hasta 5.5.2, en la función n_tty_receive_buf_common en el archivo drivers/tty/n_tty.c. A use-after-free flaw was found in the Linux kernel console driver when using the copy-paste buffer. This flaw allows a local user to crash the system. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html https://bugzilla.kernel.org/show_bug.cgi?id=206361 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://security.netapp.com/advisory/ntap-20200924-0004 https://usn.ubuntu.com/4342-1 https://usn.ubuntu.com/4344-1 https://usn.ubuntu.com/4345-1 • CWE-416: Use After Free •

CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0

Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb. La biblioteca Lib/zipfile.py en Python versiones hasta 3.7.2, permite a atacantes remotos causar una denegación de servicio (consumo de recursos) por medio de una bomba ZIP. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00041.html https://bugs.python.org/issue36260 https://bugs.python.org/issue36462 https://github.com/python/cpython/blob/master/Lib/zipfile.py https://python-security.readthedocs.io/security.html#archives-and-zip-bomb https://security.netapp.com/advisory/ntap-20200221-0003 https://usn.ubuntu.com/4428-1 https://www.python.org/news/security • CWE-400: Uncontrolled Resource Consumption •