Lucene search
+L

127 matches found

cve
cve
added 2018/08/07 6:0 p.m.223 views

CVE-2018-5995

CVE-2018-5995 affects the Linux kernel (up to 4.14.14). The flaw is in pcpu_embed_first_chunk() in mm/percpu.c, which can let a local user read dmesg data (from a pages/cpu printk call) and disclose sensitive kernel addresses. Impact: partial kernel address disclosure with local access. Root caus...

5.5CVSS5.5AI score0.00408EPSS
Exploits0References7Affected Software1
cve
cve
added 2018/08/07 6:0 p.m.202 views

CVE-2018-5953

CVE-2018-5953 concerns the Linux kernel vulnerability where the function swiotlb_print_info (lib/swiotlb.c) in kernels up to 4.14.14 can leak sensitive address information via a software IO TLB printk in dmesg, exploitable by a local attacker. The connected Nessus entries for Unity Linux 20.x (ke...

5.5CVSS5.5AI score0.00401EPSS
Exploits0References5Affected Software1
nessus
nessus
added 2018/05/24 12:0 a.m.260 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4114)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4114 advisory. - KVM: SVM: Move spec control call after restore of GS Thomas Gleixner CVE-2018-3639 - x86/bugs: Fix the parameters alignment and missing void Konr...

7.8CVSS7.4AI score0.60631EPSS
Exploits8References9
nessus
nessus
added 2018/04/18 12:0 a.m.112 views

Amazon Linux 2 : kernel (ALAS-2018-956) (Dirty COW) (Spectre)

Stack-based out-of-bounds read via vmcall instruction Linux kernel compiled with the KVM virtualization CONFIGKVM support is vulnerable to an out-of-bounds read access issue. It could occur when emulating vmcall instructions invoked by a guest. A guest user/process could use this flaw to disclose...

7.8CVSS6.8AI score0.93838EPSS
Exploits99References7
nessus
nessus
added 2018/03/20 12:0 a.m.39 views

EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1055)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a...

7.8CVSS6.5AI score0.03543EPSS
Exploits1References5
osv
osv
added 2018/01/26 7:29 p.m.25 views

CVE-2018-5750

The acpismbushcadd function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call...

5.5CVSS7.2AI score
Exploits0References14
cvelist
cvelist
added 2018/01/26 7:0 p.m.23 views

CVE-2018-5750

The acpismbushcadd function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call...

5.7AI score0.0049EPSS
Exploits0References14
ubuntucve
ubuntucve
added 2018/01/26 12:0 a.m.42 views

CVE-2018-5750

The acpismbushcadd function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call...

5.5CVSS6.7AI score0.0049EPSS
Exploits0References8
prion
prion
added 2017/12/27 5:8 p.m.21 views

Design/Logic Flaw

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles statesequal comparisons between the pointer data type and the UNKNOWNVALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."...

2.1CVSS4.8AI score0.00397EPSS
Exploits0References6Affected Software2
ubuntucve
ubuntucve
added 2017/12/27 12:0 a.m.42 views

CVE-2017-17864

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles statesequal comparisons between the pointer data type and the UNKNOWNVALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."...

3.3CVSS6.7AI score0.00397EPSS
Exploits0References5
nessus
nessus
added 2017/07/21 12:0 a.m.50 views

Ubuntu 16.10 : linux, linux-raspi2 vulnerabilities (USN-3359-1)

It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information kernel memory. CVE-2014-9900 Dmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfiler subsyste...

10CVSS6.8AI score0.1081EPSS
Exploits0References12
ubuntu
ubuntu
added 2017/06/29 9:25 a.m.87 views

USN-3345-1: Linux kernel vulnerabilities

USN 3324-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience. Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds che...

7.8CVSS6.8AI score0.01372EPSS
Exploits7References2
redhatcve
redhatcve
added 2017/05/23 9:18 a.m.27 views

CVE-2017-9150

The docheck function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allowptrleaks value available for restricting the output of the printbpfinsn function, which allows local users to obtain sensitive address information via crafted bpf system calls...

5.5CVSS5.7AI score0.01261EPSS
Exploits0References2
cvelist
cvelist
added 2017/05/22 10:0 p.m.27 views

CVE-2017-9150

The docheck function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allowptrleaks value available for restricting the output of the printbpfinsn function, which allows local users to obtain sensitive address information via crafted bpf system calls...

5.7AI score0.01261EPSS
Exploits0References7
debiancve
debiancve
added 2017/05/22 10:0 p.m.49 views

CVE-2017-9150

The docheck function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allowptrleaks value available for restricting the output of the printbpfinsn function, which allows local users to obtain sensitive address information via crafted bpf system calls...

5.5CVSS6.2AI score0.01261EPSS
Exploits0
cve
cve
added 2017/05/22 10:0 p.m.139 views

CVE-2017-9150

CVE-2017-9150 affects the Linux kernel prior to 4.11.1, where the function do_check in kernel/bpf/verifier.c fails to expose the allow_ptr_leaks setting to constrain the output of print_bpf_insn. This omission enables local attackers to leak sensitive address information through crafted bpf syste...

5.5CVSS5.5AI score0.01261EPSS
Exploits0References7Affected Software1
ubuntucve
ubuntucve
added 2017/05/22 12:0 a.m.32 views

CVE-2017-9150

The docheck function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allowptrleaks value available for restricting the output of the printbpfinsn function, which allows local users to obtain sensitive address information via crafted bpf system calls...

5.5CVSS6.7AI score0.01261EPSS
Exploits0References12
nessus
nessus
added 2016/12/05 12:0 a.m.309 views

SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2976-1)

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. For the PowerPC64 a new 'bigmem' flavor has been added to support big Power machines. FATE319026 The following security bugs were fixed : - CVE-2016-7042: The prockeysshow function in security/keys/proc....

10CVSS7.3AI score0.24299EPSS
Exploits9References127
nvd
nvd
added 2016/11/11 10:59 p.m.13 views

CVE-2016-9286

framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI...

5.3CVSS5.3AI score0.01476EPSS
Exploits0References3
prion
prion
added 2016/11/11 10:59 p.m.9 views

Code injection

framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0patch1 does not properly restrict access to user records, which allows remote attackers to read address information, as demonstrated by an address/show/id/1 URI...

5CVSS7.1AI score0.01476EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder