CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48658 – mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context.
https://notcve.org/view.php?id=CVE-2022-48658
Eventos WQ_MEM_RECLAIM:flush_cpu_slab ADVERTENCIA: CPU: 37 PID: 410 en kernel/workqueue.c:2637 check_flush_dependency+0x10a/0x120 Cola de trabajo: vme-delete-wq nvme_delete_ctrl_work [ nvme_core] RIP: 0010:check_flush_dependency+0x10a/0x120[ 453.262125] Seguimiento de llamadas: __flush_work.isra.0+0xbf/0x220? • https://git.kernel.org/stable/c/5a836bf6b09f99ead1b69457ff39ab3011ece57b https://git.kernel.org/stable/c/61703b248be993eb4997b00ae5d3318e6d8f3c5b https://git.kernel.org/stable/c/df6cb39335cf5a1b918e8dbd8ba7cd9f1d00e45a https://git.kernel.org/stable/c/e45cc288724f0cfd497bb5920bcfa60caa335729 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-1500 – Cisco Webex Video Mesh Arbitrary Site Redirection Vulnerability
https://notcve.org/view.php?id=CVE-2021-1500
A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to persuade users to unknowingly visit malicious sites. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmesh-openred-AGNRmf5 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 1CVE-2015-4523 – Oracle VM VirtualBox 4.3.6 - 3D Acceleration Virtual Machine Escape
https://notcve.org/view.php?id=CVE-2015-4523
Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis. Blue Coat Malware Analysis Appliance (MAA) en versiones anteriores a la 4.2.5 y Malware Analyzer G2 permiten a los atacantes remotos omitir un mecanismo de protección de máquinas virtuales y, como consecuencia, modificar archivos arbitrarios, provocar una denegación de servicio (reinicio del host o restauración a valores de fábrica) o ejecutar código arbitrario mediante vectores relacionados con el guardado de archivos durante un análisis. • https://www.exploit-db.com/exploits/34334 https://bto.bluecoat.com/security-advisory/sa97 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.9EPSS: 0%CPEs: 18EXPL: 1CVE-2017-4901 – VMware WorkStation 12.5.5 - Virtual Machine Escape
https://notcve.org/view.php?id=CVE-2017-4901
The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or Fusion. La función drag-and-drop (DnD) en Workstation versiones 12.x y anteriores a 12.5.4 y Fusion versiones 8.x y anteriores a 8.5.5 de VMware, presenta una vulnerabilidad de acceso a la memoria fuera de límites. Esto puede permitir que un invitado ejecute código en el sistema operativo que ejecuta Workstation o Fusion. • https://www.exploit-db.com/exploits/47714 http://www.securityfocus.com/bid/96881 http://www.securitytracker.com/id/1038025 https://www.vmware.com/security/advisories/VMSA-2017-0005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •