Page 44 of 1536 results (0.010 seconds)

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2023-28327 – kernel: denial of service problem in net/unix/diag.c

https://notcve.org/view.php?id=CVE-2023-28327

A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=2177382 https://access.redhat.com/security/cve/CVE-2023-28327 • CWE-476: NULL Pointer Dereference •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-2019 – Linux Kernel netdevsim Improper Update of Reference Count Denial-of-Service Vulnerability

https://notcve.org/view.php?id=CVE-2023-2019

A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the scheduling of events. • https://bugzilla.redhat.com/show_bug.cgi?id=2189137 https://github.com/torvalds/linux/commit/180a6a3ee60a https://www.zerodayinitiative.com/advisories/ZDI-CAN-17811 • CWE-911: Improper Update of Reference Count •

CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 0

CVE-2022-4318 – Cri-o: /etc/passwd tampering privesc

https://notcve.org/view.php?id=CVE-2022-4318

A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. Se encontró una vulnerabilidad en cri-o. Este problema permite la adición de líneas arbitrarias en /etc/passwd mediante el uso de una variable de entorno especialmente manipulada. • https://access.redhat.com/errata/RHSA-2023:1033 https://access.redhat.com/errata/RHSA-2023:1503 https://access.redhat.com/security/cve/CVE-2022-4318 https://bugzilla.redhat.com/show_bug.cgi?id=2152703 • CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory CWE-913: Improper Control of Dynamically-Managed Code Resources •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

CVE-2023-0664

https://notcve.org/view.php?id=CVE-2023-0664

A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. • https://bugzilla.redhat.com/show_bug.cgi?id=2167423 https://gitlab.com/qemu-project/qemu/-/commit/07ce178a2b0768eb9e712bb5ad0cf6dc7fcf0158 https://gitlab.com/qemu-project/qemu/-/commit/88288c2a51faa7c795f053fc8b31b1c16ff804c5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MURWGXDIF2WTDXV36T6HFJDBL632AO7R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SEOC7SRJWLZSXCND2ADFW6C76ZMTZLE4 https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg01445 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2023-1652 – Kernel: use-after-free in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c

https://notcve.org/view.php?id=CVE-2023-1652

A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem. • https://access.redhat.com/security/cve/cve-2023-1652 https://security.netapp.com/advisory/ntap-20230511-0006 https://access.redhat.com/security/cve/CVE-2023-1652 https://bugzilla.redhat.com/show_bug.cgi?id=2182031 • CWE-416: Use After Free •