Page 164 of 8866 results (0.017 seconds)

CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. Se encontró una vulnerabilidad en el verificador EBPF del kernel de Linux cuando son manejadas estructuras de datos internas. Las ubicaciones de memoria interna podían ser devueltas al espacio de usuario. • https://access.redhat.com/security/cve/CVE-2021-4159 https://bugzilla.redhat.com/show_bug.cgi?id=2036024 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=294f2fc6da27620a506e6c050241655459ccd6bd https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://security-tracker.debian.org/tracker/CVE-2021-4159 • CWE-202: Exposure of Sensitive Information Through Data Queries •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. Se encontró un fallo de uso de memoria previamente liberada en el sistema de archivos NILFS del kernel de Linux en la forma en que el usuario desencadena la función security_inode_alloc para que falle con la siguiente llamada a la función nilfs_mdt_destroy. Un usuario local podría usar este fallo para bloquear el sistema o escalar potencialmente sus privilegios en el sistema. • https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://lore.kernel.org/linux-fsdevel/20220816040859.659129-1-dzm91%40hust.edu.cn/T/#u • CWE-416: Use After Free •

CVSS: 7.1EPSS: 0%CPEs: 14EXPL: 1

An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information. Se ha encontrado un fallo de acceso a memoria fuera de límites (OOB) en el eBPF del kernel de Linux debido a una comprobación de entrada inapropiada. Este fallo permite a un atacante local con un privilegio especial bloquear el sistema o filtrar información interna. • https://github.com/tr3ee/CVE-2021-4204 https://access.redhat.com/security/cve/CVE-2021-4204 https://bugzilla.redhat.com/show_bug.cgi?id=2039178 https://security-tracker.debian.org/tracker/CVE-2021-4204 https://security.netapp.com/advisory/ntap-20221228-0003 https://www.openwall.com/lists/oss-security/2022/01/11/4 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 2

A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service. Se ha encontrado un fallo de desbordamiento de la pila en el programa pngimage.c de libpngs. Este fallo permite a un atacante con acceso a la red local pasar un archivo PNG especialmente diseñado a la utilidad pngimage, causando un fallo en la aplicación, conllevando a una denegación de servicio. • https://access.redhat.com/security/cve/CVE-2021-4214 https://bugzilla.redhat.com/show_bug.cgi?id=2043393 https://github.com/glennrp/libpng/issues/302 https://security-tracker.debian.org/tracker/CVE-2021-4214 https://security.netapp.com/advisory/ntap-20221020-0001 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. VMware Tools (versiones 12.0.0, 11.x.y y 10.x.y) contiene una vulnerabilidad de escalada de privilegios local. Un actor malicioso con acceso local no administrativo al Sistema Operativo invitado puede escalar privilegios como usuario root en la máquina virtual. A flaw was found in open-vm-tools. • http://www.openwall.com/lists/oss-security/2022/08/23/3 https://lists.debian.org/debian-lts-announce/2022/08/msg00013.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C5VV2R4LV4T3SNQJYRLFD4C75HBDVV76 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4TZF6QRJIDECGMEGBPXJCHZ6YC3VZ6Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZA63DWRW7HROTVBNRIPBJQWBYIYAQMEW https://security.gentoo.org/glsa/202 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •