Page 4 of 122 results (0.014 seconds)

CVSS: 8.1EPSS: 0%CPEs: 11EXPL: 1

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. En la función doProlog en el archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, se presenta un desbordamiento de enteros para m_groupSize. expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity. • http://www.openwall.com/lists/oss-security/2022/01/17/3 https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/issues/532 https://github.com/libexpat/libexpat/pull/538 https://security.gentoo.org/glsa/202209-24 https://security.netapp.com/advisory/ntap-20220121-0006 https://www.debian.org/security/2022/dsa-5073 https://www.tenable.com/security/tns-2022-05 https://access.redhat.com/security/cve/CVE-2021-46143 https://bu • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.0EPSS: 1%CPEs: 12EXPL: 2

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). En Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, un desplazamiento a la izquierda por 29 (o más) lugares en la función storeAtts en el archivo xmlparse.c puede conllevar a un comportamiento incorrecto de reasignación (por ejemplo, asignar muy pocos bytes, o sólo liberar memoria). expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to buffer overrun. The highest threat from this vulnerability is to availability. • http://www.openwall.com/lists/oss-security/2022/01/17/3 https://bugzilla.mozilla.org/show_bug.cgi?id=1217609 https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/issues/531 https://github.com/libexpat/libexpat/pull/534 https://security.gentoo.org/glsa/202209-24 https://security.netapp.com/advisory/ntap-20220121-0004 https://www.debian.org/security/2022/dsa-5073 https://www.tenable.com/security/tns-2022-05 https://acces • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-682: Incorrect Calculation •

CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0

An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. Se ha detectado un problema en la función aspeed_lpc_ctrl_mmap en el archivo drivers/soc/aspeed/aspeed-lpc-ctrl.c en el kernel de Linux versiones anteriores a 5.14.6. Unos atacantes locales capaces de acceder a la interfaz de control de Aspeed LPC podrían sobrescribir memoria en el kernel y potencialmente ejecutar privilegios, también se conoce como CID-b49a0e69a7b1. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.6 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b49a0e69a7b1a68c8d3f64097d06dabb770fec96 https://security.netapp.com/advisory/ntap-20211112-0006 •

CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 3

The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. La función decode_data en el archivo drivers/net/hamradio/6pack.c en el kernel de Linux versiones anteriores a 5.13.13, presenta una escritura fuera de límites. La entrada desde un proceso que tiene la capacidad CAP_NET_ADMIN puede conllevar a un acceso de root • https://github.com/0xdevil/CVE-2021-42008 https://github.com/numanturle/CVE-2021-42008 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.13 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19d1532a187669ce86d5a2696eb7275310070793 https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://security.netapp.com/advisory/ntap-20211104-0002 https://www.youtube.com/watch?v=d5f9xLK8Vhw • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 27EXPL: 0

prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. prealloc_elems_and_freelist en kernel/bpf/stackmap.c en el kernel de Linux antes de la versión 5.14.12 permite a usuarios sin privilegios desencadenar un desbordamiento de enteros en la multiplicación de eBPF con una escritura fuera de los límites resultante. An out-of-bounds (OOB) memory write flaw was found in prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the bpf in the Linux kernel. In this flaw, the multiplication to calculate the size could lead to an integer overflow which could allow a local attacker, with a special user privilege, to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. • https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.12 https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a https://github.com/torvalds/linux/commit/30e29a9a2bc6a4888335a6ede968b75cd329657a https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM http • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •