Page 32 of 292 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0

When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 Cuando es desencadenada la vulnerabilidad, el proceso BIND saldrá. BIND versión 9.18.0 • https://kb.isc.org/v1/docs/cve-2022-0667 https://security.netapp.com/advisory/ntap-20220408-0001 • CWE-617: Reachable Assertion •

CVSS: 9.1EPSS: 0%CPEs: 34EXPL: 0

Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc. Una pérdida de memoria en la implementación de icmp6 en el Kernel de Linux versión 5.13+, permite a un atacante remoto hacer DoS a un host haciendo que salga de la memoria por medio de paquetes icmp6 de tipo 130 o 131. Recomendamos actualizar el commit 2d3916f3189172d5c69d33065c3c21119fe539fc • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2d3916f3189172d5c69d33065c3c21119fe539fc https://security.netapp.com/advisory/ntap-20220425-0001 https://www.openwall.com/lists/oss-security/2022/03/15/3 • CWE-275: Permission Issues CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 3

In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. En el kernel de Linux versiones anteriores a 5.15.3, el archivo fs/quota/quota_tree.c no comprueba el número de bloque en el árbol de cuotas (en disco). Esto puede, por ejemplo, conllevar a un uso de memoria previamente liberada del archivo kernel/locking/rwsem.c si se presenta un archivo de cuotas corrupto • https://bugzilla.kernel.org/show_bug.cgi?id=214655 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9bf3d20331295b1ecb81f4ed9ef358c51699a050 https://security.netapp.com/advisory/ntap-20220419-0003 https://www.openwall.com/lists/oss-security/2022/03/17/1 https://www.openwall.com/lists/oss-security/2022/03/17/2 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 54EXPL: 1

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. Se ha encontrado un fallo de uso después de libre en el sistema de archivos FUSE del kernel de Linux en la forma en que un usuario activa write(). Este defecto permite a un usuario local obtener acceso no autorizado a los datos del sistema de archivos FUSE, lo que resulta en una escalada de privilegios Linux suffers from a vulnerability where FUSE allows use-after-free reads of write() buffers, allowing theft of (partial) /etc/shadow hashes. • https://github.com/xkaneiki/CVE-2022-1011 https://bugzilla.redhat.com/show_bug.cgi?id=2064855 https://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git/commit/?h=for-next https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://www.debian.org/security/2022/dsa-5173 https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2022-1011 • CWE-416: Use After Free •

CVSS: 5.3EPSS: 0%CPEs: 25EXPL: 0

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection. BIND versiones 9.16.11 posteriores a 9.16.26, versiones 9.17.0 posteriores a 9.18.0 y versiones 9.16.11-S1 posteriores a 9.16.26-S1 de BIND Supported Preview Edition. Los flujos TCP específicamente diseñados pueden causar que las conexiones a BIND permanezcan en estado CLOSE_WAIT durante un período de tiempo indefinido, incluso después de que el cliente haya terminado la conexión A flaw was found in Bind that incorrectly handles certain crafted TCP streams. The vulnerability allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. • https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf https://kb.isc.org/v1/docs/cve-2022-0396 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY https://security.gentoo.org/glsa/202210-25 https://security.netapp.com/advisory/ntap-20220408-0001 https://access.redhat.com/security/cve/CVE-2022-0396 https://bugzilla.redhat.com/show_bug.cgi?id=2064513 • CWE-404: Improper Resource Shutdown or Release CWE-459: Incomplete Cleanup •