Lucene search
K

144 matches found

RedHat Linux
RedHat Linux
added 2022/01/31 5:8 p.m.2 views

samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution

An out-of-bounds heap read write vulnerability was found in Samba. Due to a boundary error when processing EA metadata while opening files in smbd within the VFS Samba module vfsfruit, a remote attacker with ability to write to file's extended attributes can trigger an out-of-bounds write and...

9CVSS7.1AI score0.7372EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/01/31 4:46 p.m.4 views

samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution

An out-of-bounds heap read write vulnerability was found in Samba. Due to a boundary error when processing EA metadata while opening files in smbd within the VFS Samba module vfsfruit, a remote attacker with ability to write to file's extended attributes can trigger an out-of-bounds write and...

9CVSS7.1AI score0.7372EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/01/31 4:42 p.m.7 views

samba: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution

An out-of-bounds heap read write vulnerability was found in Samba. Due to a boundary error when processing EA metadata while opening files in smbd within the VFS Samba module vfsfruit, a remote attacker with ability to write to file's extended attributes can trigger an out-of-bounds write and...

9CVSS7.1AI score0.7372EPSS
Exploits1References5
Ubuntu
Ubuntu
added 2022/01/06 9:48 a.m.114 views

LSN-0083-1: Kernel Live Patch Security Notice

The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.CVE-2018-25020...

8.8CVSS7.6AI score0.78684EPSS
Exploits29
OSV
OSV
added 2022/01/06 8:48 a.m.16 views

LSN-0083-1 Kernel Live Patch Security Notice

The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.CVE-2018-25020...

8.8CVSS7.2AI score0.78684EPSS
Exploits29References6
RedHat Linux
RedHat Linux
added 2021/11/02 8:14 p.m.6 views

flatpak: Sandbox bypass via recent VFS-manipulating syscalls

A flaw was found in the flatpak package. It is susceptible to a software flaw that can deceive portals and other host-OS services into treating the flatpak app as an ordinary, non-sandboxed host-OS process. This flaw allows the escalation of privileges that the corresponding services presume the...

8.8CVSS5.8AI score0.00406EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/11/02 6:26 p.m.3 views

flatpak: Sandbox bypass via recent VFS-manipulating syscalls

A flaw was found in the flatpak package. It is susceptible to a software flaw that can deceive portals and other host-OS services into treating the flatpak app as an ordinary, non-sandboxed host-OS process. This flaw allows the escalation of privileges that the corresponding services presume the...

8.8CVSS5.8AI score0.00406EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/10/20 12:0 a.m.5 views

PT-2021-8067 · Webkitgtk +7 · Webkitgtk +7

Name of the Vulnerable Software and Affected Versions: WebKitGTK versions prior to 2.34.1 WPE WebKit versions prior to 2.34.1 Description: The issue is related to insecure privilege management in WebKitGTK and WPE WebKit, allowing a remote attacker to impact the integrity of protected information...

8.8CVSS6.6AI score0.02319EPSS
Exploits4References98
OSV
OSV
added 2021/10/08 2:15 p.m.3 views

UBUNTU-CVE-2021-41133

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AFUNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services int...

8.8CVSS6.8AI score0.00406EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2021/09/13 9:12 a.m.143 views

LSN-0081-1: Kernel Live Patch Security Notice

Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory.CVE-2021-3653 Maxim...

8.8CVSS7.4AI score0.78684EPSS
Exploits28
OSV
OSV
added 2021/07/26 6:29 a.m.14 views

LSN-0079-1 Kernel Live Patch Security Notice

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code.CVE-2021-3600 It was discovered that the virtual file system...

7.8CVSS7.5AI score0.09729EPSS
Exploits6References3
Ubuntu
Ubuntu
added 2021/07/20 10:11 p.m.172 views

USN-5018-1: Linux kernel vulnerabilities

It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2021-33909 Piotr Krysiuk discovered that the eBPF...

7.8CVSS7.5AI score0.09729EPSS
Exploits11
Ubuntu
Ubuntu
added 2021/07/20 9:33 p.m.139 views

USN-5014-1: Linux kernel vulnerability

It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service system crash or execute arbitrary code...

7.8CVSS7.2AI score0.09729EPSS
Exploits6
OSV
OSV
added 2021/07/20 9:33 p.m.3 views

USN-5014-1 linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.3, linux-hwe, linux-lts-xenial, linux-kvm, linux-oracle, linux-raspi, linux-raspi2-5.3 vulnerability

It was discovered that the virtual file system implementation in the Linux kernel contained an unsigned to signed integer conversion error. A local attacker could use this to cause a denial of service system crash or execute arbitrary code...

7.8CVSS7.1AI score0.09729EPSS
Exploits6References2
AlmaLinux
AlmaLinux
added 2021/02/16 7:34 a.m.20 views

dracut bug fix and enhancement update

The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition...

2.6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/04/28 3:44 p.m.4 views

gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing query_info_on_read/write

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement queryinfoonread/write...

8.1CVSS5.8AI score0.01749EPSS
Exploits0References4
OSV
OSV
added 2020/04/07 9:0 p.m.8 views

USN-4324-1 linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly expose sensitive information kernel memory. CVE-2020-8428 Shijie Luo discovered that the ext4 file system...

7.1CVSS6.7AI score0.00655EPSS
Exploits0References3
OSV
OSV
added 2020/04/06 8:29 p.m.7 views

USN-4318-1 linux, linux-hwe vulnerabilities

Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly expose sensitive information kernel memory. CVE-2020-8428 Gustavo Romero and Paul Mackerras discovered that th...

7.1CVSS6.7AI score0.00655EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2019/10/09 12:0 a.m.19 views

The vulnerability of the protection mechanism for the virtual file system “/proc” in the Oracle Solaris operating system allows a perpetrator to execute arbitrary code.

The vulnerability of the protection mechanism for the virtual file system “/proc” in the Oracle Solaris operating system is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7CVSS5.8AI score
Exploits0References2Affected Software1
Kitploit
Kitploit
added 2019/09/26 12:0 p.m.531 views

MemProcFS - The Memory Process File System

The Memory Process File System is an easy and convenient way of accessing physical memory as files a virtual file system. Easy trivial point and click memory analysis without the need for complicated commandline arguments! Access memory content and artifacts via files in a mounted virtual file...

6.8AI score
Exploits0References15
Rows per page
Query Builder