Page 238 of 2811 results (0.052 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-10774 – kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features

https://notcve.org/view.php?id=CVE-2020-10774

A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysctl subsystem when reading the /proc/sys/kernel/rh_features file. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality. Se encontró un fallo de divulgación de memoria en el kernel de Linux versiones anteriores a 4.18.0-193.el8 en el subsistema sysctl al leer el archivo /proc/sys/kernel/rh_features. Este fallo permite a un usuario local leer valores no inicializados de la memoria del kernel. • https://bugzilla.redhat.com/show_bug.cgi?id=1846964 https://access.redhat.com/security/cve/CVE-2020-10774 • CWE-805: Buffer Access with Incorrect Length Value CWE-909: Missing Initialization of Resource •

CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 2

CVE-2020-25673

https://notcve.org/view.php?id=CVE-2020-25673

A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. Se encontró una vulnerabilidad en el kernel de Linux en la que el socket non-blocking en la función llcp_sock_connect() conduce a un filtrado de información y eventualmente bloquea el sistema • http://www.openwall.com/lists/oss-security/2020/11/01/1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PW3OASG7OEMHANDWBM5US5WKTOC76KMH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UTVACC6PGS6OSD3EYY7FZUAZT2EUMFH5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEIEGQXUW37YHZ5MTAZTDCIMHUN26NJS https://security.netapp.com/advisory/ntap-20210702-0008 https://www.openwall.com/lists/oss-security/2020 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.3EPSS: 0%CPEs: 34EXPL: 0

CVE-2020-26558 – bluez: Passkey Entry protocol of the Bluetooth Core is vulnerable to an impersonation attack

https://notcve.org/view.php?id=CVE-2020-26558

Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. El emparejamiento seguro de Bluetooth LE y BR/EDR en Bluetooth Core Specification versiones 2.1 hasta 5.2, puede permitir a un atacante de tipo man-in-the-middle cercano identificar el Passkey usada durante el emparejamiento (en el procedimiento de autenticación de Passkey) mediante el reflejo de la clave pública y la evidencia de autenticació del dispositivo de inicio, potencialmente permitiendo a este atacante completar el emparejamiento autenticado con el dispositivo que responde usando la contraseña correcta para la sesión de emparejamiento. La metodología de ataque determina el valor de la Clave un bit a la vez A vulnerability was found in the bluez, where Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device without any previous knowledge. • https://kb.cert.org/vuls/id/799380 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debian.org/debian-lts-announce/2021/06/msg00022.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NSS6CTGE4UGTJLCOZOASDR3T3SLL6QJZ https://security.gentoo.org/glsa/202209-16 https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/reporting-security ht • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2002-2438

https://notcve.org/view.php?id=CVE-2002-2438

TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling. TCP firewalls pueden ser omitidos mediante el envío de paquetes SYN con otros flag (como por ejemplo, el flag RST) configurados, que la pila TCP de Linux no descartó correctamente después del firewalling • http://www.openwall.com/lists/oss-security/2012/02/03/7 http://www.openwall.com/lists/oss-security/2012/05/29/8 http://www.openwall.com/lists/oss-security/2012/05/30/11 http://www.openwall.com/lists/oss-security/2012/05/30/12 http://www.openwall.com/lists/oss-security/2012/05/30/13 http://www.openwall.com/lists/oss-security/2012/05/30/2 http://www.openwall.com/lists/oss-security/2012/05/30/4 http://www.openwall.com/lists/oss-security/2 • CWE-287: Improper Authentication •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2021-33033 – kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c

https://notcve.org/view.php?id=CVE-2021-33033

The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. El kernel de Linux versiones anteriores a 5.11.14, presenta un uso de la memoria previamente liberada en una función cipso_v4_genopt en el archivo net/ipv4/cipso_ipv4.c, porque el recuento de CIPSO y CALIPSO para las definiciones DOI es manejado inapropiadamente, también se conoce como CID-ad5d07f4a9cd. Esto conlleva a escribir un valor arbitrario A flaw use-after-free in the Linux kernel CIPSO network packet labeling protocol functionality was found in the way user open local network connection with the usage of the security labeling that is IP option number 134. A local user could use this flaw to crash the system or possibly escalate their privileges on the system. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.14 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.7 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1165affd484889d4986cf3b724318935a0b120d8 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ad5d07f4a9cd671233ae20983848874731102c08 https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-cipso_v4_genopt https://syzkaller.appspot.com/bug?id=96e7d345 • CWE-416: Use After Free •