CVE-2023-1380
- EPSS 16.64%
- Veröffentlicht 27.03.2023 21:15:10
- Zuletzt bearbeitet 21.11.2024 07:39:04
A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined ...
CVE-2023-0386
- EPSS 7.88%
- Veröffentlicht 22.03.2023 21:15:18
- Zuletzt bearbeitet 04.11.2025 16:47:21
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This...
CVE-2022-40617
- EPSS 1.63%
- Veröffentlicht 31.10.2022 06:15:09
- Zuletzt bearbeitet 06.05.2025 19:15:56
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control...
- EPSS 0.45%
- Veröffentlicht 21.09.2022 08:15:09
- Zuletzt bearbeitet 28.05.2025 16:15:28
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.
CVE-2022-39176
- EPSS 0.66%
- Veröffentlicht 02.09.2022 04:15:11
- Zuletzt bearbeitet 15.04.2026 21:17:03
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
CVE-2022-39177
- EPSS 0.61%
- Veröffentlicht 02.09.2022 04:15:11
- Zuletzt bearbeitet 15.04.2026 21:17:04
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
CVE-2022-1184
- EPSS 0.28%
- Veröffentlicht 29.08.2022 15:15:10
- Zuletzt bearbeitet 21.11.2024 06:40:12
A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.
CVE-2021-3975
- EPSS 1.22%
- Veröffentlicht 23.08.2022 20:15:08
- Zuletzt bearbeitet 21.11.2024 06:23:17
A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAl...
CVE-2021-3905
- EPSS 1.58%
- Veröffentlicht 23.08.2022 16:15:10
- Zuletzt bearbeitet 21.11.2024 06:22:44
A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.
CVE-2022-34918
- EPSS 5.45%
- Veröffentlicht 04.07.2022 21:15:07
- Zuletzt bearbeitet 21.11.2024 07:10:26
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacke...