Page 84 of 2305 results (0.016 seconds)

CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 6

In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. En las versiones 5.5.6 y 5.6.3 de Spring Security y en versiones anteriores no soportadas, RegexRequestMatcher puede ser fácilmente configurado de forma incorrecta para ser evitado en algunos contenedores de servlets. Las aplicaciones que utilizan RegexRequestMatcher con `.` en la expresión regular son posiblemente vulnerables a un bypass de autorización A flaw was found in Spring Security. When using RegexRequestMatcher, an easy misconfiguration can bypass some servlet containers. • https://github.com/DeEpinGh0st/CVE-2022-22978 https://github.com/ducluongtran9121/CVE-2022-22978-PoC https://github.com/aeifkz/CVE-2022-22978 https://github.com/umakant76705/CVE-2022-22978 https://github.com/Raghvendra1207/CVE-2022-22978 https://github.com/wan9xx/CVE-2022-22978-demo https://spring.io/security/cve-2022-22978 https://access.redhat.com/security/cve/CVE-2022-22978 https://bugzilla.redhat.com/show_bug.cgi?id=2087606 • CWE-863: Incorrect Authorization CWE-1220: Insufficient Granularity of Access Control •

CVSS: 7.0EPSS: 0%CPEs: 24EXPL: 2

A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. Un fallo en el Kernel de Linux encontrado en nfcmrvl_nci_unregister_dev() en el archivo drivers/nfc/nfcmrvl/main.c puede conllevar a un uso de memoria previamente liberada de lectura o escritura cuando no está sincronizado entre la rutina de limpieza y la rutina de descarga del firmware • http://www.openwall.com/lists/oss-security/2022/06/05/4 http://www.openwall.com/lists/oss-security/2022/06/09/1 https://github.com/torvalds/linux/commit/d270453a0d9ec10bb8a802a142fb1b3601a83098 https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html https://security.netapp.com/advisory/ntap-20220707-0007 https://www.debian.org/security/2022/dsa-5173 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 1

Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. Una vulnerabilidad de actualización inapropiada del recuento de referencias en net/sched del Kernel de Linux permite a un atacante local causar una escalada de privilegios a root. Este problema afecta a: Las versiones del Kernel de Linux anteriores a 5.18; la versión 4.14 y posteriores A use-after-free flaw was found in u32_change in net/sched/cls_u32.c in the network subcomponent of the Linux kernel. This flaw allows a local attacker to crash the system, cause a privilege escalation, and leak kernel information. • http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html http://packetstormsecurity.com/files/168191/Kernel-Live-Patch-Security-Notice-LSN-0089-1.html http://www.openwall.com/lists/oss-security/2022/05/18/2 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3db09e762dc79584a69c10d74a6b98f89a9979f8 https://kernel.dance/#3db09e762dc79584a69c10d74a6b98f89a9979f8 https://security.netapp.com/advisory/ntap-20220629-0005 https://www.debian.org/security • CWE-416: Use After Free CWE-911: Improper Update of Reference Count •

CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 1

Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions. Una vulnerabilidad de desbordamiento de enteros o Wraparound en io_uring del Kernel de Linux permite a un atacante local causar una corrupción de memoria y escalar privilegios a root. Este problema afecta a: Las versiones del Kernel de Linux anteriores a 5.4.189; versión 5.4.24 y posteriores • http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/fs/io_uring.c?h=v5.4.189&id=1a623d361ffe5cecd4244a02f449528416360038 https://kernel.dance/#1a623d361ffe5cecd4244a02f449528416360038 https://security.netapp.com/advisory/ntap-20220629-0004 • CWE-190: Integer Overflow or Wraparound •

CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 2

A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. Se ha encontrado un fallo de uso de memoria previamente liberada en el controlador del adaptador inalámbrico Atheros del kernel de Linux en la forma en que un usuario fuerza la función ath9k_htc_wait_for_target a fallar con algunos mensajes de entrada. Este fallo permite a un usuario local bloquear o escalar potencialmente sus privilegios en el sistema • https://github.com/EkamSinghWalia/-Detection-and-Mitigation-for-CVE-2022-1679 https://github.com/ov3rwatch/Detection-and-Mitigation-for-CVE-2022-1679 https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html https://lore.kernel.org/lkml/87ilqc7jv9.fsf%40kernel.org/t https://security.netapp.com/advisory/ntap-20220629-0007 https://access.redhat.com/security/cve/CVE-2022-1679 https://bugzilla.redhat.com/show_bug • CWE-416: Use After Free •