Page 133 of 1677 results (0.016 seconds)

CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1

CVE-2018-10882 – kernel: stack-out-of-bounds write infs/jbd2/transaction.c

https://notcve.org/view.php?id=CVE-2018-10882

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image. Se ha detectado una vulnerabilidad en el sistema de archivos ext4 del kernel de Linux. Un usuario local puede provocar una escritura fuera de límites en el código de fs/jbd2/transaction.c, una denegación de servicio (DoS) y un cierre inesperado del sistema al desmontar una imagen del sistema de archivos ext4. A flaw was found in the Linux kernel's ext4 filesystem. • http://www.securityfocus.com/bid/106503 https://access.redhat.com/errata/RHSA-2018:2948 https://bugzilla.kernel.org/show_bug.cgi?id=200069 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10882 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c37e9e013469521d9adb932d17a1795c139b36db https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html https://usn.ubuntu.com/3753-1 https://usn.ubuntu.com/3753-2 https://usn.ubuntu.com/3871-1 • CWE-787: Out-of-bounds Write •

CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 1

CVE-2018-14609

https://notcve.org/view.php?id=CVE-2018-14609

An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to removing reloc rb_trees when reloc control has not been initialized. Se ha descubierto un problema en el kernel de Linux hasta la versión 4.17.10. Existe una desreferencia de puntero no válido en __del_reloc_root() en fs/btrfs/relocation.c cuando se monta una imagen btrfs manipulada. Esto está relacionado con eliminar el reloc rb_trees cuando el control de reloc no se ha inicializado. • http://www.securityfocus.com/bid/104917 https://bugzilla.kernel.org/show_bug.cgi?id=199833 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://patchwork.kernel.org/patch/10500521 https://usn.ubuntu.com/3821-1 https://usn.ubuntu.com/3821-2 https://usn.ubuntu.com/4094-1 https://usn.ubuntu.com/4118-1 https://www.debian.org/security/2018/dsa-4308 • CWE-476: NULL Pointer Dereference •

CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 1

CVE-2018-14617

https://notcve.org/view.php?id=CVE-2018-14617

An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory. Se ha descubierto un problema en el kernel de Linux hasta la versión 4.17.10. Hay una desreferencia de puntero NULL y pánico en hfsplus_lookup() en fs/hfsplus/dir.c cuando se abre un archivo (que supuestamente es un enlace duro o hard link) en un sistema de archivos hfs+ que tiene datos de catálogo mal formados y se monta en modo de solo lectura sin un directorio de metadatos. • http://www.securityfocus.com/bid/104917 https://bugzilla.kernel.org/show_bug.cgi?id=200297 https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html https://usn.ubuntu.com/3821-1 https://usn.ubuntu.com/3821-2 https://usn.ubuntu.com/4094-1 https://usn.ubuntu.com/4118-1 https://www.debian.org/security/2018/dsa-4308 https://www.spinics.net/lists/linux-fsdevel/msg130021.html • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 10

CVE-2015-9261 – Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor

https://notcve.org/view.php?id=CVE-2015-9261

huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. huft_build en archival/libarchive/decompress_gunzip.c en BusyBox en versiones anteriores a la 1.27.2 utiliza incorrectamente un puntero, provocando segfaults y un cierre inesperado de la aplicación durante una operación unzip en un archivo ZIP especialmente manipulado. Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities. • http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2019/Sep/7 http://seclists.org/fulldisclosure/2020/Aug/20 http://seclists.org/fulldisclosure/2022/Jun/36&# • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1

CVE-2018-10876 – kernel: use-after-free in jbd2_journal_commit_transaction funtion

https://notcve.org/view.php?id=CVE-2018-10876

A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. Se ha detectado una vulnerabilidad en el kernel de Linux en el código del sistema de archivos ext4. Es posible un uso de memoria previamente liberada en la función ext4_ext_remove_space() cuando se monta y opera una imagen ext4 manipulada. A flaw was found in the Linux kernel's ext4 filesystem code. • http://patchwork.ozlabs.org/patch/929239 http://www.securityfocus.com/bid/104904 http://www.securityfocus.com/bid/106503 https://access.redhat.com/errata/RHSA-2019:0525 https://bugzilla.kernel.org/show_bug.cgi?id=199403 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10876 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8844618d8aa7a9973e7b527d038a2a589665002c https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html https://usn.ubuntu. • CWE-416: Use After Free •