CVE-2022-25327 Local Denial of Service in fscrypt PAM module
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...
CVE-2022-25327
CVE-2022-25327 affects the PAM module for fscrypt, where inadequate validation of fscrypt metadata files lets a local user craft malicious metadata to cause a denial of service, preventing other users from logging in. The documented remediation is to upgrade to version 0.3.3 or above. The connect...
OESA-2022-1520 flatpak security update
Application deployment framework for desktop apps. Security Fixes: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual...
Ubuntu: Security Advisory (USN-5137-1)
The remote host is missing an update for the...
USN-5117-1 linux-oem-5.13 vulnerabilities
It was discovered that the btrfs file system in the Linux kernel did not properly handle removing a non-existent device id. An attacker with CAP_SYS_ADMIN could use this to cause a denial of service. (CVE-2021-3739) It was discovered that the Qualcomm IPC Router protocol implementation in the Linux...
USN-5115-1: Linux kernel (OEM) vulnerabilities
It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information (WiFi network traffic). (CVE-2020-3702) Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF...
Tuxera NTFS-3G Buffer Error Vulnerability
Tuxera NTFS-3G is an open-source, cross-platform driver from the Finnish company Tuxera that supports reading and writing NTFS partitions. A buffer overflow vulnerability exists in NTFS-3G in versions prior to 2021.8.22. The vulnerability is caused by an application incorrectly validating certain NT...
Tuxera NTFS-3G Buffer Error Vulnerability
Tuxera NTFS-3G is an open-source, cross-platform driver from the Finnish company Tuxera that supports reading and writing NTFS partitions. A security vulnerability exists in NTFS-3G that originates from an application's improper validation of certain NTFS metadata, which can be exploited by an...
Aruba Networks ArubaOS Command Injection Vulnerability
Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including mobile controllers and mobile access switches from Aruba Networks, Inc. injection vulnerability, which is caused by incorrect validation of certain NTFS metadata by the application, which could lead to a...
Tuxera NTFS-3G Buffer Error Vulnerability
Tuxera NTFS-3G is an open-source, cross-platform driver from the Finnish company Tuxera that supports reading and writing NTFS partitions. A security vulnerability exists in NTFS-3G that originates from an application's improper validation of certain NTFS metadata, which can be exploited by an...
Tuxera NTFS-3G Buffer Error Vulnerability
Tuxera NTFS-3G is an open-source, cross-platform driver from the Finnish company Tuxera that supports reading and writing NTFS partitions. A security vulnerability exists in NTFS-3G that originates from an application's improper validation of certain NTFS metadata, which can be exploited by an...
USN-4708-1 linux, linux-lts-xenial vulnerabilities
Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) It was discovered that the btrfs fi...
CVE-2020-11127
Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...
RHEL 8 : kernel (RHSA-2020:4286)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4286 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net: bluetooth: type confusion...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4576-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4576-1 advisory. Hadar Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free...
DEBIAN-CVE-2020-14382
A vulnerability was found in upstream release cryptsetup-2.2.0 where there's a bug in the LUKS2 format validation code, which is effectively invoked on every device/image presenting itself as a LUKS2 container. The bug is in the segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function...
CVE-2020-14385
A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shut down, or otherwise rendered inaccessible until it is...
USN-4483-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4 vulnerabilities
Chuhong Yuan discovered that the go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-20810) Fan Yang discovered that the mremap...
USN-4486-1 linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2, linux-snapdragon vulnerability
Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash)...