Page 49 of 4121 results (0.026 seconds)

CVSS: 7.4EPSS: 0%CPEs: 35EXPL: 0

CVE-2021-20322 – kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies

https://notcve.org/view.php?id=CVE-2021-20322

A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Se encontró un fallo en el procesamiento de los errores ICMP recibidos (fragmento ICMP necesario y redireccionamiento ICMP) en la funcionalidad del kernel de Linux que permite la capacidad de escanear rápidamente los puertos UDP abiertos. Este fallo permite a un usuario remoto fuera de la ruta de acceso omitir efectivamente la aleatorización del puerto de origen UDP. • https://bugzilla.redhat.com/show_bug.cgi?id=2014230 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=4785305c05b25a242e5314cc821f54ade4c18810 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.15-rc6&id=6457378fe796815c973f631a1904e147d6ee33b1 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/ipv4/route.c?h=v5.15-rc6&id=67d6d681e15b578c1725bad8ad079e05d1c48a8e https://git.kernel.org/pub/scm/linux/ke • CWE-330: Use of Insufficiently Random Values •

CVSS: 7.9EPSS: 0%CPEs: 36EXPL: 1

CVE-2021-3752 – kernel: possible use-after-free in bluetooth module

https://notcve.org/view.php?id=CVE-2021-3752

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Se ha encontrado un fallo de uso de memoria previamente liberada en el subsistema Bluetooth del kernel de Linux en la forma en que las llamadas de usuario son conectadas al socket y son desconectadas simultáneamente debido a una condición de carrera. Este fallo permite a un usuario bloquear el sistema o escalar sus privilegios. • https://bugzilla.redhat.com/show_bug.cgi?id=1999544 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lore.kernel.org/lkml/20211115165435.133245729%40linuxfoundation.org https://security.netapp.com/advisory/ntap-20220318-0009 https://www.debian.org/security/2022/dsa-5096 https://www.openwall.com/lists/oss-security/2021/09/15/4 https://www.oracle.com/security-alerts/cpujul2022.html https:/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 7.0EPSS: 0%CPEs: 31EXPL: 1

CVE-2021-3640 – kernel: use-after-free vulnerability in function sco_sock_sendmsg()

https://notcve.org/view.php?id=CVE-2021-3640

A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. Se encontró un fallo de uso de memoria previamente liberada en la función sco_sock_sendmsg() del subsistema HCI del kernel de Linux en la forma en que el usuario llama a ioct UFFDIO_REGISTER o de otra manera desencadena una condición de carrera de la llamada sco_conn_del() junto con la llamada sco_sock_sendmsg() con la página de memoria de fallo controlable esperada. Un usuario local privilegiado podría usar este fallo para bloquear el sistema o escalar sus privilegios en el sistema • https://bugzilla.redhat.com/show_bug.cgi?id=1980646 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16&id=99c23da0eed4fd20cae8243f2b51e10e66aa0951 https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951 https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://security.netapp.com/advisory/ntap-20220419-0003 https://ubuntu.com/security/CVE-2021- • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 9.8EPSS: 2%CPEs: 8EXPL: 2

CVE-2022-21724 – Unchecked Class Instantiation when providing Plugin Classes

https://notcve.org/view.php?id=CVE-2022-21724

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. • https://github.com/ToontjeM/CVE-2022-21724 https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813 https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4 https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS https://security.netapp.com/advisory/ntap-20220311-0005 https://www.debian.org/security/2022/dsa-5196 https://access.redhat.com&# • CWE-665: Improper Initialization •

CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 1

CVE-2022-0443 – Use After Free in vim/vim

https://notcve.org/view.php?id=CVE-2022-0443

Use After Free in GitHub repository vim/vim prior to 8.2. Un Uso de Memoria Previamente Liberada en el repositorio de GitHub vim/vim de versiones anteriores a 8.2 • https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461 https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51 https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html https://lists.debian.org/debian-lts-announce/2022/11/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZLEHVP4LNAGER4ZDGUDS5V5YVQD6INF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFXFAILMLUIK4MBUEZO4HNBNKYZRJ5AP https://secur • CWE-416: Use After Free •