4 results (0.008 seconds)

CVSS: 7.5EPSS: 20%CPEs: 2EXPL: 0

Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory. Vulnerabilidad de path traversal de autenticación previa en la versión 12.4.2 del firmware SMA1000, que permite a un atacante no autenticado acceder a archivos y directorios arbitrarios almacenados fuera del directorio raíz web. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0001 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8EPSS: 12%CPEs: 59EXPL: 31

A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. Se ha encontrado un fallo en la forma en que el miembro "flags" de la estructura del nuevo búfer de la tubería carecía de la inicialización apropiada en las funciones copy_page_to_iter_pipe y push_pipe en el kernel de Linux y, por tanto, podía contener valores obsoletos. Un usuario local no privilegiado podía usar este fallo para escribir en páginas de la caché de páginas respaldadas por archivos de sólo lectura y así escalar sus privilegios en el sistema Linux versions 4.20 and above have an issue where ktls writes into spliced readonly pages. Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. • https://www.exploit-db.com/exploits/50808 https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits https://github.com/r1is/CVE-2022-0847 https://github.com/bbaranoff/CVE-2022-0847 https://github.com/Al1ex/CVE-2022-0847 https://github.com/antx-code/CVE-2022-0847 https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker https://github.com/knqyf263/CVE-2022-0847 https://github.com/chenaotian/CVE-2022- • CWE-665: Improper Initialization CWE-909: Missing Initialization of Resource •

CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 5

fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. Un archivo fs/seq_file.c en el kernel de Linux versiones 3.16 hasta 5.13.x anteriores a 5.13.4, no restringe apropiadamente las asignaciones de búferes seq, conllevando a un desbordamiento de enteros, una escritura fuera de límites y una escalada a root por parte de un usuario no privilegiado, también se conoce como CID-8cae8cd89f05 An out-of-bounds write flaw was found in the Linux kernel's seq_file in the Filesystem layer. This flaw allows a local attacker with a user privilege to gain access to out-of-bound memory, leading to a system crash, leak of internal kernel information and can escalate privileges. The issue results from not validating the size_t-to-int conversion prior to performing operations. The highest threat from this vulnerability is to data integrity, confidentiality and system availability. • https://github.com/Liang2580/CVE-2021-33909 https://github.com/ChrisTheCoolHut/CVE-2021-33909 https://github.com/bbinfosec43/CVE-2021-33909 http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html http://packetstormsecurity.com/files/163671/Kernel-Live-Patch-Security-Notice-LSN-0079-1.html http://packetstormsecurity.com/files/164155/Kernel-Live-Patch-Security-Notice-LSN-0081-1.html http://packetstormsecurity.com/files/165477/Kernel-Live-Patch-Security-Notice-LSN-0083-1 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier. Una vulnerabilidad en el servidor SonicWall SMA1000 HTTP Extraweb, permite a un atacante remoto no autenticado causar un bloqueo del servidor HTTP que conlleva a una denegación de servicio. Esta vulnerabilidad afectó a SMA1000 Versión 12.1.0-06411 y anteriores. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2020-0002 • CWE-248: Uncaught Exception CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •