CVE-2022-21858

Windows Bind Filter Driver Elevation of Privilege Vulnerability...

Privilege escalation

Windows Bind Filter Driver Elevation of Privilege Vulnerability...

CVE-2022-21858

Technical details (affected components, root cause, versions, exploitability, or fixes) are not publicly provided in the supplied documents. Monitor official MSRC/NVD entries and OpenVAS feeds for updates.

CVE-2022-21858 Windows Bind Filter Driver Elevation of Privilege Vulnerability

...

Windows Bind Filter Driver Elevation of Privilege Vulnerability

...

Microsoft Windows 权限许可和访问控制问题漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A vulnerability exists in the Microsoft Windows Bind Filter Driver with privilege permission and access control issues. The following products and versions are affected: Windows 10 Versio...

PT-2022-1410 · Microsoft · Windows Bind Filter Driver +1

Name of the Vulnerable Software and Affected Versions: Windows Bind Filter Driver affected versions not specified Description: The issue is related to insufficient access control in the Windows Bind Filter Driver, which can be exploited to elevate privileges. This could allow an attacker to affec...

Privilege Escalation

containerd is vulnerable to privilege escalation. The vulnerability exists due to a lack of validation of node location allowing an attacker to bind mount via hostPath...

Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux

Impact Containers launched through containerd’s CRI implementation on Linux systems which use the SELinux security module and containerd versions since v1.5.0 can cause arbitrary files and directories on the host to be relabeled to match the container process label through the use of...

EulerOS Virtualization 3.0.2.6 : bind (EulerOS-SA-2021-2867)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration...

Design/Logic Flaw

containerd is an open source container runtime. On installations using SELinux, such as EL8 CentOS, RHEL, Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface CRI, an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any...

PT-2022-11912

Name of the Vulnerable Software and Affected Versions: containerd versions 1.5.0-beta.0 through 1.5.8 Description: The issue affects installations using SELinux, such as EL8 CentOS, RHEL, Fedora, or SUSE MicroOS, with containerd as the backing container runtime interface CRI. An unprivileged pod...

PT-2021-24317 · Mdb Tools · Mdb Tools

Name of the Vulnerable Software and Affected Versions: MDB Tools aka mdbtools version 0.9.2 Description: The issue is a stack-based buffer overflow in the mdb numeric to string function, which is called from mdb xfer bound data and mdb attempt bind. This overflow occurs at the memory address...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2021-2867)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ROS-2-524

2.524 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...

ROS-2-445

2.445 Vulnerability in BIND DNS server 1. Vulnerability description: Security issue is related to inefficiency of protection against "DNS rebinding" attacks when operating in the DNS server redirecting requests mode block "forwarders" in the settings.Identifier of the Information Security Threats...

ROS-2-1750

2.1750 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...

ROS-2-1974

2.1974 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...

ROS-2-1991

2.1991 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...

Security update for runc (moderate)

openSUSE Security Update: Security update for runc Announcement ID: openSUSE-SU-2021:4171-1 Rating: moderate References: 1193436 Cross-References: CVE-2021-43784 CVSS scores: CVE-2021-43784 NVD : 6 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L Affected Products: openSUSE Leap 15.3 An update that...