Page 84 of 4199 results (0.018 seconds)

CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0

iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability. iproute2 versiones anteriores a 5.1.0, presenta un uso de la memoria previamente liberada en la función get_netnsid_from_name en el archivo ip/ipnetns.c. NOTA: la relevancia para la seguridad puede limitarse a ciertos usos del setuid que, aunque no es un valor predeterminado, a veces es una opción de configuración ofrecida a los usuarios finales. Incluso cuando se utiliza setuid, otros factores (como la configuración de la biblioteca C) pueden bloquear la posibilidad de explotación. • https://bugzilla.suse.com/show_bug.cgi?id=1171452 https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10 https://security.gentoo.org/glsa/202008-06 https://usn.ubuntu.com/4357-1 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 2

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. json-c versiones hasta 0.14, presenta un desbordamiento de enteros y una escritura fuera de límites por medio de un archivo JSON grande, como es demostrado por la función printbuf_memappend. A flaw was found in json-c. In printbuf_memappend, certain crafted values can overflow the memory allowing an attacker to write past the memory boundary. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf https://github.com/json-c/json-c/pull/592 https://github.com/rsyslog/libfastjson/issues/161 https://lists.debian.org/debian-lts-announce/2020/05/msg00032.html https://lists.debian.org/debian-lts-announce/2020/05/msg00034.html https://lists.debian.org/debian-lts-announce/2020/07/msg00031.html https://lists.debian.org/debian-lts-announce/2023/06/msg00023.html https://lists.fedoraproject.org/archives/list/package-annou • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 35EXPL: 0

There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. Se presenta un uso de la memoria previamente liberada en kernel versiones anteriores a 5.5, debido a una condición de carrera entre la liberación de ptp_clock y cdev durante la desasignación de recursos. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10690 https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html https://security.netapp.com/advisory/ntap-20200608-0001 https://usn.ubuntu.com/4419-1 https://access.redhat.com/security/cve/CVE-2020-10690 https://bugzilla.redhat.com/show_bug.cgi?id=1817141 • CWE-416: Use After Free •

CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 1

In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0. En FreeRDP versiones superiores a 1.2 y versiones anteriores a 2.0.0, una doble liberación en update_read_cache_bitmap_v3_order bloquea la aplicación del cliente si los datos corruptos son analizados desde un servidor manipulado. Esto ha sido parcheado en la versión 2.0.0. • https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8 https://github.com/FreeRDP/FreeRDP/issues/6013 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://access.redhat.com/security/cve/CVE-2020-11044 https://bugzilla.redhat.com/show_bug.cgi?id=1835391 • CWE-415: Double Free CWE-672: Operation on a Resource after Expiration or Release •

CVSS: 3.5EPSS: 0%CPEs: 7EXPL: 1

In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0. En FreeRDP versiones posteriores a 1.0 y versiones anteriores a 2.0.0, se presenta una lectura fuera de límite. • https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b https://github.com/FreeRDP/FreeRDP/issues/6007 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https://access.redhat.com/security/cve/CVE-2020-11048 https://bugzilla.redhat.com/show_bug&# • CWE-125: Out-of-bounds Read •