Page 136 of 8983 results (0.015 seconds)

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-3633 – Linux Kernel transport.c j1939_session_destroy memory leak

https://notcve.org/view.php?id=CVE-2022-3633

A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932. • https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=8c21c54a53ab21842f5050fa090f26b03c0313d6 https://vuldb.com/?ctiid.211932 https://vuldb.com/?id.211932 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

CVE-2022-3623 – Linux Kernel BPF gup.c follow_page_pte race condition

https://notcve.org/view.php?id=CVE-2022-3623

A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c of the component BPF. The manipulation leads to race condition. The attack can be launched remotely. • https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=fac35ba763ed07ba93154c95ffc0c4a55023707f https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html https://vuldb.com/?id.211921 https://www.debian.org/security/2023/dsa-5324 https://access.redhat.com/security/cve/CVE-2022-3623 https://bugzilla.redhat.com/show_bug.cgi?id=2165721 • CWE-123: Write-what-where Condition CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-3621 – Linux Kernel nilfs2 inode.c nilfs_bmap_lookup_at_level null pointer dereference

https://notcve.org/view.php?id=CVE-2022-3621

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. • https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=21a87d88c2253350e115029f14fe2a10a7e6c856 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://vuldb.com/?id.211920 • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •

CVSS: 7.1EPSS: 0%CPEs: 13EXPL: 0

CVE-2022-41742 – NGINX ngx_http_mp4_module vulnerability CVE-2022-41742

https://notcve.org/view.php?id=CVE-2022-41742

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. NGINX Open Source anteriores as versiones 1.23.2 y 1.22.1, NGINX Open Source Subscription versiones anteriores a R2 P1 y R1 P1, y NGINX Plus versiones anteriores a R27 P1 y R26 P1, presentan una vulnerabilidad en el módulo ngx_http_mp4_module que podría permitir a un atacante local causar un bloqueo del proceso del trabajador, o podría resultar en una divulgación de la memoria del proceso del trabajador mediante el uso de un archivo de audio o vídeo especialmente diseñado. El problema afecta sólo a los productos NGINX que son construidos con el módulo ngx_http_mp4_module, cuando es usada la directiva mp4 en el archivo de configuración. • https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ https://security.netapp.com/advisory/ntap-20230120-0005 https://support.f5.com/csp/article/K28112382 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0

CVE-2022-41741 – NGINX ngx_http_mp4_module vulnerability CVE-2022-41741

https://notcve.org/view.php?id=CVE-2022-41741

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. NGINX Open Source versiones anteriores a 1.23.2 y 1.22.1, NGINX Open Source Subscription versiones anteriores a R2 P1 y R1 P1, y NGINX Plus anteriores a R27 P1 y R26 P1, presentan una vulnerabilidad en el módulo ngx_http_mp4_module que podría permitir a un atacante local corromper la memoria del trabajador de NGINX, resultando en su terminación o cualquier otro impacto potencial usando un archivo de audio o vídeo especialmente diseñado. El problema afecta sólo a productos NGINX que son construidos con el módulo ngx_http_mp4_, cuando es usada la directiva mp4 en el archivo de configuración. • https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ https://security.netapp.com/advisory/ntap-20230120-0005 https://support.f5.com/csp/article/K81926432 • CWE-787: Out-of-bounds Write •