USN-6688-1: Linux kernel (OEM) vulnerabilities

Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service host domain crash...

CVE-2023-36425

Windows Distributed File System DFS Remote Code Execution Vulnerability...

Remote code execution

Windows Distributed File System DFS Remote Code Execution Vulnerability...

Microsoft Windows Distributed File System (DFS) Security Vulnerability

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation. A security vulnerability exists in the Microsoft Windows Distributed File System DFS. An attacker could exploit the vulnerability to remotely execute code. The following produc...

PT-2023-7211 · Microsoft · Windows Distributed File System +1

Name of the Vulnerable Software and Affected Versions: Windows Distributed File System DFS affected versions not specified Description: The issue is related to insufficient input validation in the Windows Distributed File System DFS, allowing a remote attacker to execute arbitrary code. This can...

CVE-2023-41303

Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified...

Command injection

Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified...

CVE-2023-41303

CVE-2023-41303: Command injection in the distributed file system module of HarmonyOS/Different builds leads to potential modification of variables in the sock structure. Documented impact per CVSS: network attack, no user interaction, no privileges required, resulting in high integrity impact; no...

CVE-2023-41303

Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified...

Huawei HarmonyOS Command Injection Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a command injection vulnerability that stems from a command injection vulnerability in the Distributed File System module...

CVE-2023-37239

Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program...

CVE-2023-37240

Vulnerability of missing input length verification in the distributed file system. Successful exploitation of this vulnerability may cause out-of-bounds read...

CVE-2023-37239

Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program...

Out-of-bounds

Vulnerability of missing input length verification in the distributed file system. Successful exploitation of this vulnerability may cause out-of-bounds read...

Format string

Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program...

CVE-2023-37240

CVE-2023-37240 involves Huawei HarmonyOS and its distributed file system, caused by missing input length verification. The vulnerability allows out-of-bounds reads (high impact per NVD CVSS 3.1: CRITICAL). Affected component: distributed file system in HarmonyOS; underlying issue is unverified in...

CVE-2023-37240

Vulnerability of missing input length verification in the distributed file system. Successful exploitation of this vulnerability may cause out-of-bounds read...

CVE-2023-37239

Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program...

CVE-2023-37239

The CVE-2023-37239 entry describes a format-string vulnerability in the distributed file system of Huawei/HarmonyOS. Multiple connected sources (Red Hat, NVD, PRION, CVE lists, CNNVD, and others) corroborate a vulnerability where exploitation (by bypassing SELinux) can crash the target program, i...

CVE-2023-37239

Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program...