1399 matches found

Veracode
added 2022/12/06 10:15 a.m. · 22 views

Remote Code Execution (RCE)

sysstat is vulnerable to remote code execution. The vulnerability exists in the allocate_structures function of sa_common.c because bounds are insufficiently checked before arithmetic multiplication, which allows an attacker to inject and execute malicious query parameters...

CVSS 7.8 · AI score 8.1 · EPSS 0.01096
Exploits 1 · References 13 · Affected Software 4

OpenVAS
added 2022/11/30 12:0 a.m. · 20 views

Ubuntu: Security Advisory (USN-5748-1)

The remote host is missing an update for the...

CVSS 7.8 · AI score 8.1 · EPSS 0.01096
Exploits 1 · References 2

OSV
added 2022/11/29 3:16 p.m. · 2 views

USN-5748-1 sysstat vulnerability

It was discovered that Sysstat incorrectly handled certain arithmetic multiplications. An attacker could use this issue to cause Sysstat to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 7.8 · AI score 7.2 · EPSS 0.01096
Exploits 1 · References 2

BDU FSTEC
added 2022/11/25 12:0 a.m. · 4 views

The vulnerability of the vim_regexec_string() function in the Vim text editor allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the vim_regexec_string() function in the Vim text editor is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

CVSS 7.8 · AI score 6.6 · EPSS 0.01074
Exploits 4 · References 12 · Affected Software 6

OpenVAS
added 2022/11/23 12:0 a.m. · 20 views

Ubuntu: Security Advisory (USN-5735-1)

The remote host is missing an update for the...

CVSS 7.8 · AI score 8.1 · EPSS 0.01096
Exploits 1 · References 2

BDU FSTEC
added 2022/11/22 12:0 a.m. · 1 views

The vulnerability of the Linux operating system’s kernel, related to pointer arithmetic errors, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Linux operating system’s kernel is related to pointer arithmetic errors. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

CVSS 6.9 · AI score 6.6 · EPSS 0.00318
Exploits 0 · References 12 · Affected Software 4

Tenable Nessus
added 2022/11/14 12:0 a.m. · 27 views

EulerOS 2.0 SP9 : deltarpm (EulerOS-SA-2022-2758)

According to the versions of the deltarpm package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic...

CVSS 9.8 · AI score 8 · EPSS 0.51733
Exploits 2 · References 7

Tenable Nessus
added 2022/11/14 12:0 a.m. · 25 views

EulerOS 2.0 SP9 : mariadb-connector-c (EulerOS-SA-2022-2771)

According to the versions of the mariadb-connector-c package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmeti...

CVSS 9.8 · AI score 8.1 · EPSS 0.51733
Exploits 2 · References 7

Tenable Nessus
added 2022/11/14 12:0 a.m. · 56 views

EulerOS 2.0 SP9 : deltarpm (EulerOS-SA-2022-2723)

According to the versions of the deltarpm package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic...

CVSS 9.8 · AI score 8 · EPSS 0.51733
Exploits 2 · References 7

OpenVAS
added 2022/11/14 12:0 a.m. · 21 views

Huawei EulerOS: Security Advisory for mariadb-connector-c (EulerOS-SA-2022-2736)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8 · AI score 8.9 · EPSS 0.51733
Exploits 2 · References 2

RedhatCVE
added 2022/11/09 6:56 a.m. · 92 views

CVE-2022-39377

An arithmetic overflow issue was discovered in Sysstat on 32-bit systems. The allocate_structures function in sa_common.c insufficiently checks bounds before arithmetic multiplication, allowing an overflow in the size allocated for the buffer representing system activities. The vulnerability can be...

CVSS 7.8 · AI score 8.7 · EPSS 0.01096
Exploits 1 · References 4

RedhatCVE
added 2022/11/07 9:56 p.m. · 94 views

CVE-2022-3787

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...

CVSS 8.4 · AI score 7.6 · EPSS 0.00658
Exploits 5 · References 3

Positive Technologies
added 2022/11/07 12:0 a.m. · 7 views

PT-2023-13556 · Unknown +4 · Device-Mapper-Multipath +4

Name of the Vulnerable Software and Affected Versions: device-mapper-multipath affected versions not specified Description: A local privilege escalation issue exists, allowing local users to obtain root access by exploiting a flaw in the handling of UNIX domain sockets. This can be achieved by...

CVSS 8.4 · AI score 6.5 · EPSS 0.00216
Exploits 0 · References 20

Tenable Nessus
added 2022/11/02 12:0 a.m. · 36 views

EulerOS 2.0 SP10 : mariadb-connector-c (EulerOS-SA-2022-2659)

According to the versions of the mariadb-connector-c package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmeti...

CVSS 9.8 · AI score 8.1 · EPSS 0.51733
Exploits 2 · References 7

OSV
added 2022/10/29 7:15 p.m. · 1 views

DEBIAN-CVE-2022-41974

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege...

CVSS 7.8 · AI score 7.3 · EPSS 0.00606
Exploits 4 · References 1

Prion
added 2022/10/29 7:15 p.m. · 39 views

Privilege escalation

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege...

CVSS 4.3 · AI score 7.8 · EPSS 0.00658
Exploits 5 · References 13 · Affected Software 3

RedHat Linux
added 2022/10/25 3:10 p.m. · 2 views

device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...

CVSS 7.8 · AI score 5.7 · EPSS 0.00658
Exploits 5 · References 5

RedhatCVE
added 2022/10/24 8:18 p.m. · 53 views

CVE-2022-41974

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...

CVSS 7.8 · AI score 7.6 · EPSS 0.00658
Exploits 5 · References 4

OSV
added 2022/10/24 3:0 p.m. · 4 views

UBUNTU-CVE-2022-41974

multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege...

CVSS 7.8 · AI score 7.2 · EPSS 0.00606
Exploits 4 · References 4

BDU FSTEC
added 2022/10/21 12:0 a.m. · 3 views

The vulnerability of the ax25_release() function in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the ax25_release() function in the Linux operating system’s kernel is related to pointer arithmetic errors. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 7.8 · AI score 6.7 · EPSS 0.01492
Exploits 0 · References 24 · Affected Software 7