Page 131 of 1100 results (0.013 seconds)

CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0

CVE-2021-44537

https://notcve.org/view.php?id=CVE-2021-44537

ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution. ownCloud owncloud/client versiones anteriores a 2.9.2 permite una inyección de recursos por parte de un servidor en el cliente de escritorio por medio de una URL, conllevando a una ejecución de código remota • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STKTSNYBZPXBGJOCDAMCZPRXJLAYGDMO https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSZNJFGM66LJONBQFYYQL4GD5XI5QO2Y https://owncloud.com/security-advisories/cve-2021-44537 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 1

CVE-2022-23094 – libreswan: Malicious IKEv1 packet can cause libreswan to restart

https://notcve.org/view.php?id=CVE-2022-23094

Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6. Libreswan versiones 4.2 hasta 4.5, permite a atacantes remotos causar una denegación de servicio (desreferencia del puntero NULL y bloqueo del demonio) por medio de un paquete IKEv1 diseñado porque el archivo pluto/ikev1.c espera erróneamente que sea presentado un objeto de estado. Esto ha sido corregido en versión 4.6 A vulnerability was found in libreswan. A malformed packet that is being rejected triggers a logging action that causes a NULL pointer dereference issue, leading to a crash of the pluto daemon. • https://github.com/libreswan/libreswan/issues/585 https://libreswan.org/security/CVE-2022-23094 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMIHAXWQUJAPCIGNJ5J5Q6ASWQBU7T5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFZ7WP5LNNBW5ADIOPDSPQ23SXZJRNMP https://www.debian.org/security/2022/dsa-5048 https://access.redhat.com/security/cve/CVE-2022-23094 https://bugzilla.redhat.com/show_bug.cgi?id=2036898 • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2021-46021

https://notcve.org/view.php?id=CVE-2021-46021

An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. Una vulnerabilidad de Uso de Memoria Previamente Liberada en la función rec_record_destroy() en el archivo rec-record.c de GNU Recutils versión v1.8.90, puede conllevar a un fallo de segmentación o un fallo de la aplicación • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDVOFC3HTBG7DF2PZTEXRMG4CV2F55UF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRSXSN2XF6PX74WDYVV26TQMYIFAEQ3T https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00008.html • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1

CVE-2021-46022

https://notcve.org/view.php?id=CVE-2021-46022

An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. Una vulnerabilidad de Uso de Memoria Previamente Liberada en la función rec_mset_elem_destroy() en el archivo rec-mset.c de GNU Recutils v1.8.90, puede conllevar a un fallo de segmentación o un fallo de la aplicación • https://github.com/gnu-mirror-unofficial/recutils/commit/34b75ed7ad492c8e38b669ebafe0176f1f9992d2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDVOFC3HTBG7DF2PZTEXRMG4CV2F55UF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VRSXSN2XF6PX74WDYVV26TQMYIFAEQ3T https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00007.html https://nvd.nist.gov/vuln/detail/CVE-2021-46022 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 4

CVE-2022-23222 – kernel: local privileges escalation in kernel/bpf/verifier.c

https://notcve.org/view.php?id=CVE-2022-23222

kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. El archivo kernel/bpf/verifier.c en el kernel de Linux versiones hasta 5.15.14, permite a usuarios locales alcanzar privilegios debido a una disponibilidad de la aritmética de punteros por medio de determinados tipos de punteros *_OR_NULL A flaw was found in the Linux kernel's adjust_ptr_min_max_vals in the kernel/bpf/verifier.c function. In this flaw, a missing sanity check for *_OR_NULL pointer types that perform pointer arithmetic may cause a kernel information leak issue. • https://github.com/tr3ee/CVE-2022-23222 https://github.com/PenteraIO/CVE-2022-23222-POC https://github.com/FridayOrtiz/CVE-2022-23222 http://www.openwall.com/lists/oss-security/2022/01/14/1 http://www.openwall.com/lists/oss-security/2022/01/18/2 http://www.openwall.com/lists/oss-security/2022/06/01/1 http://www.openwall.com/lists/oss-security/2022/06/04/3 http://www.openwall.com/lists/oss-security/2022/06/07/3 https://bugzilla.suse.com/show_ • CWE-476: NULL Pointer Dereference CWE-763: Release of Invalid Pointer or Reference •