RSS   Podatności dla 'Enterprise linux'   RSS

2022-05-11
 
CVE-2021-3611

CWE-787
 

 
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.

 
2022-04-18
 
CVE-2021-42780

CWE-252
 

 
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.

 
 
CVE-2021-42781

CWE-787
 

 
Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.

 
2022-04-14
 
CVE-2022-1304

CWE-125
 

 
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.

 
2022-04-13
 
CVE-2022-1280

CWE-416
 

 
A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.

 
2022-04-08
 
CVE-2022-28796

CWE-416
 

 
jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.

 
2022-03-30
 
CVE-2020-35501

CWE-863
 

 
A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem

 
2022-03-29
 
CVE-2022-1055

CWE-416
 

 
A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5

 
2022-03-23
 
CVE-2022-0996

CWE-613
 

 
A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication.

 
 
CVE-2022-27666

CWE-787
 

 
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.

 


Copyright 2022, cxsecurity.com

 

Back to Top