Page 79 of 3085 results (0.016 seconds)

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-3633 – Linux Kernel transport.c j1939_session_destroy memory leak

https://notcve.org/view.php?id=CVE-2022-3633

A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932. • https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next.git/commit/?id=8c21c54a53ab21842f5050fa090f26b03c0313d6 https://vuldb.com/?ctiid.211932 https://vuldb.com/?id.211932 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-3621 – Linux Kernel nilfs2 inode.c nilfs_bmap_lookup_at_level null pointer dereference

https://notcve.org/view.php?id=CVE-2022-3621

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. • https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next.git/commit/?id=21a87d88c2253350e115029f14fe2a10a7e6c856 https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html https://vuldb.com/?id.211920 • CWE-404: Improper Resource Shutdown or Release CWE-476: NULL Pointer Dereference •

CVSS: 7.1EPSS: 0%CPEs: 13EXPL: 0

CVE-2022-41742 – NGINX ngx_http_mp4_module vulnerability CVE-2022-41742

https://notcve.org/view.php?id=CVE-2022-41742

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. NGINX Open Source anteriores as versiones 1.23.2 y 1.22.1, NGINX Open Source Subscription versiones anteriores a R2 P1 y R1 P1, y NGINX Plus versiones anteriores a R27 P1 y R26 P1, presentan una vulnerabilidad en el módulo ngx_http_mp4_module que podría permitir a un atacante local causar un bloqueo del proceso del trabajador, o podría resultar en una divulgación de la memoria del proceso del trabajador mediante el uso de un archivo de audio o vídeo especialmente diseñado. El problema afecta sólo a los productos NGINX que son construidos con el módulo ngx_http_mp4_module, cuando es usada la directiva mp4 en el archivo de configuración. • https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ https://security.netapp.com/advisory/ntap-20230120-0005 https://support.f5.com/csp/article/K28112382 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0

CVE-2022-41741 – NGINX ngx_http_mp4_module vulnerability CVE-2022-41741

https://notcve.org/view.php?id=CVE-2022-41741

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module. NGINX Open Source versiones anteriores a 1.23.2 y 1.22.1, NGINX Open Source Subscription versiones anteriores a R2 P1 y R1 P1, y NGINX Plus anteriores a R27 P1 y R26 P1, presentan una vulnerabilidad en el módulo ngx_http_mp4_module que podría permitir a un atacante local corromper la memoria del trabajador de NGINX, resultando en su terminación o cualquier otro impacto potencial usando un archivo de audio o vídeo especialmente diseñado. El problema afecta sólo a productos NGINX que son construidos con el módulo ngx_http_mp4_, cuando es usada la directiva mp4 en el archivo de configuración. • https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ https://security.netapp.com/advisory/ntap-20230120-0005 https://support.f5.com/csp/article/K81926432 • CWE-787: Out-of-bounds Write •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

CVE-2022-3586 – Linux Kernel Net Scheduler Use-After-Free Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2022-3586

A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service. Se ha encontrado un fallo en el código de red del kernel de Linux. Ha sido encontrado un uso de memoria previamente liberada en la forma en que la función sch_sfb enqueue usó el campo cb del búfer de socket (SKB) después de que el mismo SKB había sido puesto en cola (y liberado) en un qdisc hijo. • https://github.com/torvalds/linux/commit/9efd23297cca https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://www.zerodayinitiative.com/advisories/upcoming • CWE-416: Use After Free •