Page 88 of 1161 results (0.017 seconds)

CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1

The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. La función resv_map_release en mm/hugetlb.c en el kernel de Linux hasta la versión 4.15.7 permite que usuarios locales provoquen una denegación de servicio (error) mediante una aplicación manipulada que realiza llamadas del sistema mmap y tiene un argumento grande pgoff en la llamada del sistema remap_file_pages. The resv_map_release function in mm/hugetlb.c in the Linux kernel, through 4.15.7, allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call. • http://www.securityfocus.com/bid/103316 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://bugzilla.kernel.org/show_bug.cgi?id=199037 https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html https://usn.ubuntu.com/3910-1 https://usn.ubuntu.com/3910-2 https://www.debian.org/security/2018/dsa-4187 https://www.debian.org/security/2018/dsa-4188 https://access.redhat.com/security/cve/CVE-2018-7740 htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. Se ha encontrado un error de lectura de memoria fuera de límites en la forma en la que 389-ds-base gestionaba ciertos filtros de búsqueda LDAP, que afecta a todas las versiones 1.4.x. Un atacante remoto no autenticado podría emplear este error para hacer que ns-slapd se cierre inesperadamente mediante una petición LDAP especialmente manipulada que resulta en una denegación de servicio (DoS). An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters. • http://www.securityfocus.com/bid/103228 https://access.redhat.com/errata/RHSA-2018:0414 https://access.redhat.com/errata/RHSA-2018:0515 https://bugzilla.redhat.com/show_bug.cgi?id=1537314 https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html https://pagure.io/389-ds-base/issue/49545 https://access.redhat.com/security/cve/CVE-2018-1054 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0

A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this. Se ha detectado un error en el kernel de Linux en versiones anteriores a la 4.12 en la forma en la que el módulo KVM procesó el bit trap flag(TF) en EFLAGS durante la emulación de la instrucción de la llamada del sistema, lo que conduce a que se lance una excepción de depuración (#DB) en la pila invitada. Un usuario/proceso en un invitado podría utilizar este error para escalar sus privilegios en el invitado. • http://www.openwall.com/lists/oss-security/2017/06/23/5 http://www.securityfocus.com/bid/99263 http://www.securitytracker.com/id/1038782 https://access.redhat.com/articles/3290921 https://access.redhat.com/errata/RHSA-2018:0395 https://access.redhat.com/errata/RHSA-2018:0412 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518 https://usn.ubuntu.com/3619-1 https://usn.ubuntu.com/3619-2 https://usn.ubuntu.com/3754-1 https://www.debian.org/security&# • CWE-250: Execution with Unnecessary Privileges CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module. MIT krb5, en versiones 1.6 o posteriores, permite que un kadmin autenticado con permiso para añadir entidades de seguridad a una base de datos LDAP Kerberos provoque una denegación de servicio (desreferencia de puntero NULL) u omita una comprobación de contenedor DN proporcionando datos etiquetados internos del módulo de la base de datos. • http://www.securitytracker.com/id/1042071 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3071 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869 https://bugzilla.redhat.com/show_bug.cgi?id=1551083 https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1 https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html https://lists.fedoraproject.org/ar • CWE-476: NULL Pointer Dereference •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a "linkdn" and "containerdn" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN. MIT krb5, en versiones 1.6 o posteriores, permite que un kadmin autenticado con permiso para añadir entidades de seguridad a una base de datos LDAP Kerberos sortee una comprobación de containership DN proporcionando argumentos "linkdn" y "containerdn" de la base de datos, o proporcionando una cadena DN, que es una extensión a la izquierda de una cadena DN de contenedor pero que, jerárquicamente, no está dentro del contenedor DN. • http://www.securitytracker.com/id/1042071 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3071 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869 https://bugzilla.redhat.com/show_bug.cgi?id=1551082 https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1 https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html https://lists.fedoraproject.org/ar • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •