kernel: nfsd: don't replace page in rq_pages if it's a continuation of last page

In the Linux kernel, the following vulnerability has been resolved: nfsd: don't replace page in rqpages if it's a continuation of last page The splice read calls nfsdspliceactor to put the pages containing file data into the svcrqst-rqpages array. It's possible however to get a splice result that...

kernel: NFSD: Finish converting the NFSv2 GETACL result encoder

A flaw was identified in the Linux kernel’s NFSD NFSv2 GETACL result encoder. During conversion to xdrstream, leftover code erroneously set the pagelen field of the send buffer. The XDR stream encoders are expected to manage buffer length automatically, and the incorrect manual setting can result...

kernel: NFSD: Protect against send buffer overflow in NFSv3 READDIR

A buffer management flaw was found in the Linux kernel's NFS server implementation in the NFSv3 READDIR operation handling. A remote client can trigger this issue by crafting an RPC call with an oversized RPC record header, which forces the server to shrink its response buffer allocation. This...

kernel: fscache: Fix invalidation/lookup race

In the Linux kernel, the following vulnerability has been resolved: fscache: Fix invalidation/lookup race If an NFS file is opened for writing and closed, fscacheinvalidate will be asked to invalidate the file - however, if the cookie is in the LOOKINGUP state or the CREATING state, then request ...

kernel: use-after-free caused by invalid pointer hostname in fs/cifs/connect.c

A use-after-free flaw was found in reconnsetipaddrfromhostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server-hostname to NULL, leading to an invalid pointer request...

Windows Network File System Remote Code Execution Vulnerability

...

PT-2023-2699 · Microsoft · Windows Network File System +1

Name of the Vulnerable Software and Affected Versions: Windows Network File System affected versions not specified Description: The vulnerability exists due to insufficient input validation in the Windows Network File System. It allows remote attackers to execute arbitrary code and affect the...

PT-2023-2705 · Microsoft · Windows Nfs Portmapper +1

Name of the Vulnerable Software and Affected Versions: Windows NFS Portmapper affected versions not specified Description: The issue is related to a lack of protection for service data in the Windows NFS Portmapper component, which can be exploited by a remote attacker to disclose protected...

Microsoft Windows Network File System 安全漏洞

Microsoft Windows Network File System is a file sharing solution from Microsoft that lets you transfer files between computers running Windows Server and UNIX operating systems using the NFS protocol. A security vulnerability exists in Microsoft Windows Network File System. The following products...

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks execute attacks that can lead to the following categories of damage: Circumvention of security measure. Remote code execution Administrator/Root rights Remote code execution User...

Microsoft Windows NFS Portmapper 安全漏洞

Microsoft Windows NFS is a network file system from Microsoft USA. A security vulnerability exists in Microsoft Windows NFS Portmapper. The following products and versions are affected:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809...

VulnCheck KEV: CVE-2022-30136

Windows Network File System Remote Code Execution Vulnerability...

Important: kernel

Issue Overview: A use-after-free vulnerability was found in nfs42sscopen in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial of service. CVE-2022-4379 In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check inode size of...

The vulnerability of the Network File System (NFS) of Windows operating systems allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Network File System NFS of Windows operating systems is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to protected information...

CVE-2023-28247

Windows Network File System Information Disclosure Vulnerability...

CVE-2023-28247

Windows Network File System Information Disclosure Vulnerability...

Information disclosure

Windows Network File System Information Disclosure Vulnerability...

CVE-2023-28247 Windows Network File System Information Disclosure Vulnerability

...

CVE-2023-28247

CVE-2023-28247 corresponds to a Windows Network File System Information Disclosure vulnerability. The provided data lists a CVSS v3.1 base score of 7.5 (HIGH) with network attack vector, low attack complexity, no privileges required, no user interaction, and an unchanged scope. Confidentiality im...

CVE-2023-28247 Windows Network File System Information Disclosure Vulnerability

...