1889 matches found
USN-2220-1: Linux kernel (EC2) vulnerabilities
Matthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. CVE-2014-1738 Matthew Daley reported a flaw in the handling of ioctl commands by the floppy...
RedHat Update for kernel RHSA-2014:0475-01
Check for the Version of kernel OpenVAS Vulnerability Test RedHat Update for kernel RHSA-2014:0475-01 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
CentOS Update for kernel CESA-2014:0475 centos6
Check for the Version of kernel OpenVAS Vulnerability Test CentOS Update for kernel CESA-2014:0475 centos6 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
kernel, perf, python security update
CentOS Errata and Security Advisory CESA-2014:0475 Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring...
kernel: netfilter: nf_conntrack_dccp: incorrect skb_header_pointer API usages
net/netfilter/nfconntrackprotodccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via a DCCP packet that triggers a call to the 1 dccpnew, 2 dccppacket, or 3...
kernel: net: rds: dereference of a NULL device in rds_ib_laddr_check()
A NULL pointer dereference flaw was found in the rdsibladdrcheck function in the Linux kernel's implementation of Reliable Datagram Sockets RDS. A local, unprivileged user could use this flaw to crash the system...
OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products
Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server. The vulnerability is due to a missing bounds check in the handling ...
UBUNTU-CVE-2014-2678
The rdsiwladdrcheck function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports...
DEBIAN-CVE-2014-2523
net/netfilter/nfconntrackprotodccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via a DCCP packet that triggers a call to the 1 dccpnew, 2 dccppacket, or 3...
DEBIAN-CVE-2013-7339
The rdsibladdrcheck function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service NULL pointer dereference and system crash or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports...
UBUNTU-CVE-2014-2523
net/netfilter/nfconntrackprotodccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service system crash or possibly execute arbitrary code via a DCCP packet that triggers a call to the 1 dccpnew, 2 dccppacket, or 3...
Kernel: net: memory corruption with UDP_CORK and UFO
The Linux kernel before 3.12, when UDP Fragmentation Offload UFO is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service memory corruption and system crash or possibly gain privileges via a crafted application that uses the UDPCORK...
USN-2134-1: Linux kernel (OMAP4) vulnerabilities
Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. CVE-2013-4579 Andrew Honig reported an error in the Linux Kernel's Kernel Virtual Machine KVM...
Kernel: net: memory corruption with UDP_CORK and UFO
The Linux kernel before 3.12, when UDP Fragmentation Offload UFO is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service memory corruption and system crash or possibly gain privileges via a crafted application that uses the UDPCORK...
Cisco IOS Software SSL VPN Interface Queue Wedge Denial of Service Vulnerability
A vulnerability in the Datagram Transport Layer Security DTLS function of the Cisco IOS Software SSL VPN feature could allow an authenticated, remote attacker to cause the SSL VPN gateway interface to stop processing traffic when the queue is full, resulting in a denial of service DoS condition...
DEBIAN-CVE-2013-4470
The Linux kernel before 3.12, when UDP Fragmentation Offload UFO is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service memory corruption and system crash or possibly gain privileges via a crafted application that uses the UDPCORK...
UBUNTU-CVE-2013-4470
The Linux kernel before 3.12, when UDP Fragmentation Offload UFO is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service memory corruption and system crash or possibly gain privileges via a crafted application that uses the UDPCORK...
SSL/TLS: CBC padding timing attack (lucky-13)
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...
DEBIAN-CVE-2013-4387
net/ipv6/ip6output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload UFO processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service memory corruption and system crash or...
DEBIAN-CVE-2013-4162
The udpv6pushpendingframes function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service BUG and system crash via a crafted application that uses the UDPCORK option ...