Aggregator

A vulnerability was found in Linux Kernel up to 6.0.7. It has been rated as critical. Affected by this issue is the function resolve_indirect_refs of the component btrfs. The manipulation of the argument aux leads to memory leak. This vulnerability is handled as CVE-2022-49914. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.0.7. It has been declared as critical. Affected by this vulnerability is the function dsa_loop_init of the component net. The manipulation leads to memory leak. This vulnerability is known as CVE-2022-49926. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.4.223/5.10.153/5.15.77/6.0.7 and classified as critical. This issue affects the function ib_core_cleanup. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2022-49925. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.153/5.15.77/6.0.7. It has been classified as critical. Affected is the function nxp_nci_send of the component nfc. The manipulation leads to memory leak. This vulnerability is traded as CVE-2022-49923. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.0.7 and classified as problematic. This vulnerability affects the function nfs4_set_client+0x1a2/0x2b0 of the component nfs4. The manipulation leads to allocation of resources. This vulnerability was named CVE-2022-49927. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.10.153/5.15.77/6.0.7. This affects the function fdp_nci_send of the component nfc. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2022-49924. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.0.7. Affected by this issue is the function __mdiobus_register of the file drivers/net/phy/mdio_bus.c of the component net. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2022-49907. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 4.19.264/5.4.223/5.10.153/5.15.77/6.0.7. Affected is the function __ip_vs_cleanup_batch of the file fs/proc/generic.c of the component ipvs. The manipulation leads to improper initialization. This vulnerability is traded as CVE-2022-49918. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.4.223/5.10.153/5.15.77/6.0.7. Affected by this vulnerability is the function find_parent_nodes of the component btrfs. The manipulation leads to infinite loop. This vulnerability is known as CVE-2022-49913. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.77/6.0.7. It has been rated as critical. This issue affects the function hci_rx_work of the file net/core/skbuff.c of the component Bluetooth. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2022-49908. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 4.19.264/5.4.223/5.10.153/5.15.77/6.0.7. It has been declared as problematic. This vulnerability affects the function ip_vs_app_net_cleanup of the file fs/proc/generic.c of the component ipvs. The manipulation leads to improper initialization. This vulnerability was named CVE-2022-49917. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.0.7. It has been classified as critical. This affects the function unregister_region. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2022-49893. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 4.19.264/5.4.223/5.10.153/5.15.77/6.0.7 and classified as problematic. Affected by this issue is the function ip6_route_net_exit_late of the file fs/proc/generic.c of the component ipv6. The manipulation leads to improper initialization. This vulnerability is handled as CVE-2022-49903. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.10.153/5.15.77/6.0.7 and classified as critical. Affected by this vulnerability is the function kretprobe_cmd of the component tracing. The manipulation leads to memory leak. This vulnerability is known as CVE-2022-49891. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

2024 年 3 月 Redis 宣布从 7.4 版本起其许可证从 3-clause BSD 切换到商业使用需获得授权的双许可证 Redis Source Available License (RSALv2) 和 Server Side Public License (SSPLv1)。此举意味着 Redis 不再属于 FOSS。开源社区的回应是创建分支。分支之一的 Valkey 得到了 Linux 基金会以及 Google、亚马逊 AWS 和甲骨文等云巨头的支持。在时隔一年多时间之后，Redis 公司宣布了 8.0 版本，决定再次拥抱开源，加入了 AGPLv3 作为新许可证选项。

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.0.7. Affected is the function vfs_getxattr_alloc of the component capabilities. The manipulation leads to memory leak. This vulnerability is traded as CVE-2022-49890. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 4.19.266/5.4.224/5.10.154/5.15.78/6.0.8. This issue affects the function query_regdb_file of the component wifi. The manipulation of the argument alpha2 leads to memory leak. The identification of this vulnerability is CVE-2022-49881. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 5.4.223/5.10.153/5.15.77/6.0.7. This vulnerability affects unknown code in the library fs/ext4/ext4.h. The manipulation of the argument rec_len leads to privilege escalation. This vulnerability was named CVE-2022-49879. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 5.4.223/5.10.153/5.15.77/6.0.7. This affects the function sc_disable. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2022-49931. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.0.8. It has been rated as critical. Affected by this issue is the function mousevsc_probe of the component HID. The manipulation leads to memory leak. This vulnerability is handled as CVE-2022-49874. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.