Page 6 of 446 results (0.008 seconds)

CVSS: 5.5EPSS: 0%CPEs: 22EXPL: 0

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. Se ha detectado un fallo de uso de memoria previamente liberada en el archivo fs/ext4/namei.c:dx_insert_block() en el subcomponente del sistema de archivos del kernel de Linux. Este fallo permite a un atacante local con privilegios de usuario causar una denegación de servicio • https://access.redhat.com/security/cve/CVE-2022-1184 https://bugzilla.redhat.com/show_bug.cgi?id=2070205 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://ubuntu.com/security/CVE-2022-1184 https://www.debian.org/security/2022/dsa-5257 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 9

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. Se ha detectado un problema en el kernel de Linux versiones hasta 5.18.9. • https://github.com/veritas501/CVE-2022-34918 https://github.com/randorisec/CVE-2022-34918-LPE-PoC https://github.com/merlinepedra25/CVE-2022-34918-LPE-PoC https://github.com/merlinepedra/CVE-2022-34918-LPE-PoC https://github.com/linulinu/CVE-2022-34918 http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html http://packetstormsecurity.com/files/168543/Netfilter-nft_set_elem_init-Heap-Overflow-Privilege-Escalation.html http://www.openwall.com/lists/oss-secur • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') CWE-1025: Comparison Using Wrong Factors •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords. • https://github.com/canonical/cloud-init/commit/4d467b14363d800b2185b89790d57871f11ea88c https://ubuntu.com/security/notices/USN-5496-1 • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

is_closing_session() allows users to fill up apport.log is_closing_session() permite a los usuarios completar apport.log • https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-28654 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0

is_closing_session() allows users to create arbitrary tcp dbus connections is_closing_session() permite a los usuarios crear conexiones tcp dbus arbitrarias • https://ubuntu.com/security/notices/USN-5427-1 https://www.cve.org/CVERecord?id=CVE-2022-28655 • CWE-770: Allocation of Resources Without Limits or Throttling •