2006 matches found
November 2020 Patch Tuesday – 112 Vulnerabilities, 17 Critical, Windows Codecs, Network File System, Workstation, Adobe
This month’s Microsoft Patch Tuesday addresses 112 vulnerabilities with 17 of them labeled as Critical. The 17 Critical vulnerabilities cover Windows Codecs, Network File System, Sharepoint, Windows Print Spooler, and several other workstation vulnerabilities. Adobe released patches today for Ado...
Windows Network File System Denial of Service Vulnerability
...
KB4586830: Windows 10 Version 1607 and Windows Server 2016 November 2020 Security Update
The Microsoft 4586830 Product is missing security updates. - Remote Desktop Protocol Server Information Disclosure Vulnerability CVE-2020-16997 - DirectX Elevation of Privilege Vulnerability CVE-2020-16998 - Windows WalletService Information Disclosure Vulnerability CVE-2020-16999 - Remote Deskto...
PT-2020-4879 · Microsoft · Windows Ntfs +1
Name of the Vulnerable Software and Affected Versions: Windows Network File System NFS affected versions not specified Description: The issue is related to a buffer overflow in the Network File System NFS of Windows operating systems. This can be exploited to gain unauthorized access to protected...
KB4586787: Windows 10 November 2020 Security Update
The Microsoft 4586787 Product is missing security updates. - Remote Desktop Protocol Server Information Disclosure Vulnerability CVE-2020-16997 - DirectX Elevation of Privilege Vulnerability CVE-2020-16998 - Windows WalletService Information Disclosure Vulnerability CVE-2020-16999 - Remote Deskto...
KLA12003 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service, spoof user interface, bypass security restrictions. Below is a...
KB4586785: Windows 10 Version 1803 November 2020 Security Update
The Microsoft 4586785 Product is missing security updates. - Remote Desktop Protocol Server Information Disclosure Vulnerability CVE-2020-16997 - DirectX Elevation of Privilege Vulnerability CVE-2020-16998 - Windows WalletService Information Disclosure Vulnerability CVE-2020-16999 - Remote Deskto...
kernel: TOCTOU mismatch in the NFS client code
A flaw was found in the NFSv4 implementation where when mounting a remote attacker controlled server it could return specially crafted response allow for local memory corruption and possibly privilege escalation...
kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic
A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality...
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c aka CID-b4487b935452.
...
Linux kernel information disclosure vulnerability (CNVD-2020-51796)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. An information disclosure vulnerability exists in Linux kernel before version 5.8.3, which stems from a TOCTOU mismatch in the NFS client code. An attacker can exploit...
UBUNTU-CVE-2020-25212
A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452...
CVE-2020-24394
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c in the NFS server can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered...
kernel: nfs: use-after-free in svc_process_common()
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bcsvcprocess use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and ...
USN-4400-1 nfs-utils vulnerability
It was discovered that the nfs-utils package set incorrect permissions on the /var/lib/nfs directory. An attacker could possibly use this issue to escalate privileges...
Pengutronix barebox buffer overflow vulnerability (CNVD-2020-36741)
Pengutronix barebox is a bootloader used in embedded Linux systems. A buffer overflow vulnerability exists in the nfsreadreply file in net/nfs.c in Pengutronix barebox version 2020.05.0 and earlier. The vulnerability originates when a network system or product performs an operation in memory...
Wireshark Resource Management Error Vulnerability
Wireshark formerly known as Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A security vulnerability exists in Wireshark versions 3.2.0 through 3.2.3, 3.0.0 throug...
DEBIAN-CVE-2020-13164
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem...
UBUNTU-CVE-2020-13164
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem...
PT-2020-3072
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a buffer overflow in the Direct IO function of the Linux kernel, which can be exploited to gain unauthorized access to protected information or cause a denial o...