Page 8 of 466 results (0.011 seconds)

CVSS: 7.0EPSS: 0%CPEs: 55EXPL: 1

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic). Se ha descubierto un problema en sd-bus en systemd 239. bus_process_object() en libsystemd/sd-bus/bus-objects.c asigna un búfer de pila de longitud variable para almacenar temporalmente la ruta de objeto de los mensajes D-Bus entrantes. Un usuario local sin privilegios puede explotar esto enviando un mensaje especialmente manipulado a PID1, provocando que el puntero de la pila salte por las páginas guard de la pila hasta una región de memoria no mapeada y desencadene una denegación de servicio (cierre inesperado del PID1 en systemd y pánico del kernel). It was discovered that systemd allocates a buffer large enough to store the path field of a dbus message without performing enough checks. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00070.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00062.html http://www.openwall.com/lists/oss-security/2019/02/18/3 http://www.openwall.com/lists/oss-security/2019/02/19/1 http://www.openwall.com/lists/oss-security/2021/07/20/2 http://www.securityfocus.com/bid/107081 https://access.redhat.com/errata/RHSA-2019:0368 https://access.redhat.com/errata/RHSA-2019:0990 https://access • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 1

The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. La implementación KVM en el kernel de Linux, hasta la versión 4.20.5, tiene un uso de memoria previamente liberada. A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor emulates a preemption timer for L2 guests when nested (=1) virtualization is enabled. This high resolution timer(hrtimer) runs when a L2 guest is active. After VM exit, the sync_vmcs12() timer object is stopped. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html http://packetstormsecurity.com/files/151713/KVM-VMX-Preemption-Timer-Use-After-Free.html http://www.openwall.com/lists/oss-security/2019/02/18/2 https://access.redhat.com/errata/RHBA-2019:0959 https://access.redhat.com/errata/RHSA-2019:0818 https://access.redhat.com/errata/RHSA-2019:0833 https://access.redhat.com/errata/RHSA-2019:3967 https://access.redhat.com/errata/RHSA-2019:4058 https://bugs.chromiu • CWE-416: Use After Free •

CVSS: 8.1EPSS: 3%CPEs: 60EXPL: 3

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. En el kernel de Linux en versiones anteriores a la 4.20.8, kvm_ioctl_create_device en virt/kvm/kvm_main.c gestiona de manera incorrecta el conteo de referencias debido a una condición de carrera, lo que conduce a un uso de memoria previamente liberada. A use-after-free vulnerability was found in the way the Linux kernel's KVM hypervisor implements its device control API. While creating a device via kvm_ioctl_create_device(), the device holds a reference to a VM object, later this reference is transferred to the caller's file descriptor table. If such file descriptor was to be closed, reference count to the VM object could become zero, potentially leading to a use-after-free issue. • https://www.exploit-db.com/exploits/46388 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cfa39381173d5f969daf43582c95ad679189cbc9 http://www.securityfocus.com/bid/107127 https://access.redhat.com/errata/RHBA-2019:0959 https://access.redhat.com/errata/RHSA-2019:0818 https://access.redhat.com/errata/RHSA-2019:0833 https://access.redhat.com/errata/RHSA-2019:2809 https://access.redhat.com/errata/RHSA-2019:3967 https://access.redhat.com/errata/RHSA-2020:0103&# • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •

CVSS: 8.2EPSS: 0%CPEs: 11EXPL: 0

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. Flatpak, en versiones anteriores a la 1.0.7 y en versiones 1.1.x y 1.2.x anteriores a la 1.2.3, expone /proc en el sandbox de script apply_extra, lo que permite que los atacantes modifiquen un archivo ejecutable del lado del host. A flaw was found in flatpak. In certain special cases, installing flatpak applications and runtimes system-wide may allow an attacker to escape the flatpak sandbox. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00088.html https://access.redhat.com/errata/RHSA-2019:0375 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922059 https://github.com/flatpak/flatpak/releases/tag/1.0.7 https://github.com/flatpak/flatpak/releases/tag/1.2.3 https://access.redhat.com/security/cve/CVE-2019-8308 https://bugzilla.redhat.com/show_bug.cgi?id=1675070 • CWE-668: Exposure of Resource to Wrong Sphere CWE-672: Operation on a Resource after Expiration or Release •

CVSS: 6.1EPSS: 0%CPEs: 29EXPL: 0

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65. Cuando la autodetección del proxy está habilitada, si un servidor web proporciona un archivo de autoconfiguración de proxy (PAC) o si dicho archivo se carga localmente, este último puede especificar peticiones al host local que están destinadas a enviarse a través del proxy hacia otro servidor. Este comportamiento está prohibido por defecto cuando un proxy se configura manualmente. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html http://www.securityfocus.com/bid/106773 https://access.redhat.com/errata/RHSA-2019:0622 https://access.redhat.com/errata/RHSA-2019:0623 https://access.redhat.com/errata/RHSA-2019:0680 https:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •