Microsoft Windows 代码注入漏洞

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A remote code execution vulnerability exists in the Network File System in Microsoft Windows and Windows...

KLA12142 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain privileges, bypass security restrictions, spoof user interface. Below is a...

PT-2021-2591 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in code generation management in the Network File System NFS of Microsoft Windows operating systems. It allows remote attackers to execute arbitrary code and...

KB5001387: Windows Server 2012 Security Update (Apr 2021)

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Win32k Elevation of Privilege Vulnerability CVE-2021-27072 - Microsoft Internet Messaging API Remote Code Execution Vulnerability CVE-2021-27089 - RPC Endpoint Mapper Service Elevation o...

PT-2021-8037 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the validation of UDP retransmission in the Linux kernel's NFS module. Specifically, it concerns the xprt calc majortimeo function, where a shift out-of-bounds...

kernel: umask not applied on filesystem without ACL support

A vulnerability was found in NFSv4.2 in the Linux kernel, where a server fails to correctly apply umask when creating a new object on filesystem without ACL support for example, ext4 with the "noacl" mount option. This flaw allows a local attacker with a user privilege to cause a kernel informati...

kernel: TOCTOU mismatch in the NFS client code

A flaw was found in the NFSv4 implementation where when mounting a remote attacker controlled server it could return specially crafted response allow for local memory corruption and possibly privilege escalation...

USN-4752-1 linux-oem-5.6 vulnerabilities

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered that legacy pairing and secure-connections pairing authentication in the Bluetooth protocol could allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. A physically proxima...

The vulnerability of the Network File System (NFS) on Windows operating systems allows a hacker to cause a service failure.

The vulnerability of the Network File System NFS on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

kernel: TOCTOU mismatch in the NFS client code

A flaw was found in the NFSv4 implementation where when mounting a remote attacker controlled server it could return specially crafted response allow for local memory corruption and possibly privilege escalation...

PT-2021-2043 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: The issue is related to insufficient input validation in the Network File System NFS of Windows operating systems. This can be exploited by a remote attacker to cause a denial...

CVE-2020-11920

An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code...

Svakom Siime Eye Operating System Command Injection Vulnerability

The Svakom Siime Eye is a smart home device from Svakom, USA. An operating system command injection vulnerability exists in Svakom Siime Eye. The vulnerability stems from a command injection issue in the HOST/IP section of the NFS settings menu of the web server running on the device. Arbitrary...

kernel: Nfsd failure to clear umask after processing an open or create

A flaw incorrect umask during file or directory modification in the Linux kernel NFS network file system functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with...

kernel: Nfsd failure to clear umask after processing an open or create

A flaw incorrect umask during file or directory modification in the Linux kernel NFS network file system functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with...

Apple NetFSFramework Code Issue Vulnerability

Apple NetFSFramework is a component of Apple Inc. that is used in Apple devices to support the network file system. A code issue exists in Apple NetFSFramework, which is a vulnerability that arises from an application not properly applying security restrictions within the NetFSFramework component...

Vulnerability fixed in Linux kernel

A vulnerability has been fixed in the Linux kernel. A malicious party can exploit the vulnerability to obtain sensitive information via a "path traversal" attack that allows security measures can be bypassed. The vulnerability can only be exploited when the target system provides a file system to...

CVE-2020-35513

A flaw incorrect umask during file or directory modification in the Linux kernel NFS network file system functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with...

UBUNTU-CVE-2020-35513

A flaw incorrect umask during file or directory modification in the Linux kernel NFS network file system functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with...

Linux Kernel NFS Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security flaw exists in the Linux Kernel NFS version 4.2. An attacker may be able to exploit this flaw to starve a device of resources, leading to a denial of service...