Page 29 of 1963 results (0.022 seconds)

CVSS: 7.8EPSS: 0%CPEs: 79EXPL: 0

CVE-2022-0330 – kernel: possible privileges escalation due to missing TLB flush

https://notcve.org/view.php?id=CVE-2022-0330

A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. Se ha encontrado un fallo de acceso aleatorio a la memoria en la funcionalidad del controlador del kernel de la GPU i915 de Linux en la forma en que un usuario puede ejecutar código malicioso en la GPU. Este fallo permite a un usuario local bloquear el sistema o escalar sus privilegios en el mismo A random memory access flaw was found in the Linux kernel’s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. • http://www.openwall.com/lists/oss-security/2022/11/30/1 https://bugzilla.redhat.com/show_bug.cgi?id=2042404 https://security.netapp.com/advisory/ntap-20220526-0001 https://www.openwall.com/lists/oss-security/2022/01/25/12 https://access.redhat.com/security/cve/CVE-2022-0330 • CWE-281: Improper Preservation of Permissions •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2021-4091 – 389-ds-base: double free of the virtual attribute context in persistent search

https://notcve.org/view.php?id=CVE-2021-4091

A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash. Se ha encontrado una vulnerabilidad de doble liberación en la forma en que 389-ds-base maneja el contexto de los atributos virtuales en las búsquedas persistentes. Un atacante podría enviar una serie de peticiones de búsqueda, forzando al servidor a comportarse de forma inesperada, y bloquearse A double free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash. • https://bugzilla.redhat.com/show_bug.cgi?id=2030307 https://lists.debian.org/debian-lts-announce/2023/04/msg00026.html https://access.redhat.com/security/cve/CVE-2021-4091 • CWE-415: Double Free •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2021-3948 – mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)

https://notcve.org/view.php?id=CVE-2021-3948

An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and availability of the services located on that cluster. Se ha encontrado una vulnerabilidad de permisos por defecto incorrectos en el controlador mig. Debido a un manejo incorrecto de espacios de nombres del cluster, un atacante puede ser capaz de migrar una carga de trabajo maliciosa al cluster de destino, impactando la confidencialidad, integridad y disponibilidad de los servicios ubicados en ese cluster • https://bugzilla.redhat.com/show_bug.cgi?id=2022017 https://access.redhat.com/security/cve/CVE-2021-3948 • CWE-276: Incorrect Default Permissions •

CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 1

CVE-2021-3773 – kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients

https://notcve.org/view.php?id=CVE-2021-3773

A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. Un fallo en netfilter podría permitir a un atacante conectado a la red inferir información del endpoint de la conexión openvpn para su posterior uso en ataques de red tradicionales • https://github.com/d0rb/CVE-2021-3773 https://bugzilla.redhat.com/show_bug.cgi?id=2004949 https://www.oracle.com/security-alerts/cpujul2022.html https://citizenlab.ca/2024/07/vulnerabilities-in-vpns-paper-presented-at-the-privacy-enhancing-technologies-symposium-2024 https://access.redhat.com/security/cve/CVE-2021-3773 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.9EPSS: 0%CPEs: 36EXPL: 1

CVE-2021-3752 – kernel: possible use-after-free in bluetooth module

https://notcve.org/view.php?id=CVE-2021-3752

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se ha encontrado un fallo de uso de memoria previamente liberada en el subsistema Bluetooth del kernel de Linux en la forma en que las llamadas de usuario son conectadas al socket y son desconectadas simultáneamente debido a una condición de carrera. Este fallo permite a un usuario bloquear el sistema o escalar sus privilegios. • https://bugzilla.redhat.com/show_bug.cgi?id=1999544 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lore.kernel.org/lkml/20211115165435.133245729%40linuxfoundation.org https://security.netapp.com/advisory/ntap-20220318-0009 https://www.debian.org/security/2022/dsa-5096 https://www.openwall.com/lists/oss-security/2021/09/15/4 https://www.oracle.com/security-alerts/cpujul2022.html https:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •