CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2016/05/02 12:36 p.m.•5 views

chromium-browser: use-after-free in extensions

extensions/renderer/gccallback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via unknown vectors...

10CVSS7.7AI score0.03881EPSS

RedHat Linux•added 2016/02/16 2:59 p.m.•4 views

kernel: Keyrings crash triggerable by unprivileged user

It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system...

RedHat Linux•added 2016/02/16 11:15 a.m.•4 views

kernel: Keyrings crash triggerable by unprivileged user

RedHat Linux•added 2016/02/16 10:46 a.m.•3 views

kernel: Keyrings crash triggerable by unprivileged user

Ubuntu•added 2015/12/17 7:37 p.m.•78 views

USN-2843-3: Linux kernel (Raspberry Pi 2) vulnerabilities

郭永刚 discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl on /dev/ppp could cause a denial of service system crash. CVE-2015-7799 Dmitry Vyukov discovered that the Linux kernel's keyring...

4.9CVSS6.3AI score0.00651EPSS

Exploits1

OSV•added 2015/12/17 7:24 p.m.•1 views

USN-2843-2 linux-lts-wily vulnerabilities

Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service system crash in the host OS. CVE-2015-8104 郭永刚 discovered that the pp...

10CVSS6.7AI score0.02501EPSS

Exploits1References6

RedHat Linux•added 2015/12/15 1:57 p.m.•2 views

kernel: Keyrings crash triggerable by unprivileged user

OSV•added 2015/12/04 6:21 p.m.•1 views

USN-2829-2 linux-lts-vivid vulnerabilities

It was discovered that the SCTP protocol implementation in the Linux kernel performed an incorrect sequence of protocol-initialization steps. A local attacker could use this to cause a denial of service system crash. CVE-2015-5283 Dmitry Vyukov discovered that the Linux kernel's keyring handler...

4.7CVSS6.6AI score0.00549EPSS

Exploits1References3

Citrix•added 2015/12/04 12:0 a.m.•7 views

Understanding Garbage Collection and Coalesce Process Troubleshooting

Summary In most cases, customers have experienced issues with coalescing snapshots after deleting snapshots. At times we do notsee the reclaimed space once a snapshot is deleted. Even with an SR rescan to manually get the Garbage Collection GC to kick-in does not reclaim space. This article...

6.8AI score

OSV•added 2015/12/01 9:59 p.m.•1 views

USN-2824-1 linux-lts-utopic vulnerability

Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service system crash...

OSV•added 2015/12/01 8:37 p.m.•1 views

Exploits0References2

USN-2823-1 linux vulnerabilities

4.7CVSS6.6AI score0.00549EPSS

Exploits1References3

RedHat Linux•added 2015/11/25 9:15 p.m.•2 views

OpenJDK: incorrect access control context used in DGCImpl (RMI, 8080688)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883...

10CVSS7.3AI score0.06284EPSS

RedHat Linux•added 2015/11/04 12:10 p.m.•2 views

Mozilla: JavaScript garbage collection crash with Java applet (MFSA 2015-130)

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service incorrect garbage collection and application crash or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript...

6.8CVSS7.8AI score0.03661EPSS

ArchLinux•added 2015/10/23 12:0 a.m.•66 views

jre7-openjdk: multiple issues

CVE-2015-4734 information disclosure It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...

10CVSS1.5AI score0.13354EPSS

Exploits0References22

ArchLinux•added 2015/10/23 12:0 a.m.•67 views

jre8-openjdk-headless: multiple issues

10CVSS2.6AI score0.13354EPSS

Exploits0References25

RedHat Linux•added 2015/10/22 6:34 p.m.•4 views

OpenJDK: incorrect access control context used in DGCImpl (RMI, 8080688)

10CVSS7.3AI score0.06284EPSS

exploitpack•added 2015/08/19 12:0 a.m.•9 views

Adobe Flash - XMLSocket Destructor Not Cleared Before Setting User Data in connect

Adobe Flash - XMLSocket Destructor Not Cleared Before Setting User Data in connect Source: https://code.google.com/p/google-security-research/issues/detail?id=416&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id This issue is a variant of issue 192 , which the fix did not...

0.2AI score

Exploit DB•added 2015/08/19 12:0 a.m.•19 views

Adobe Flash - XMLSocket Destructor Not Cleared Before Setting User Data in connect

Source: https://code.google.com/p/google-security-research/issues/detail?id=416&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id This issue is a variant of issue 192 , which the fix did not address. If XMLSocket connect is called on an object that already has a destroy...

7AI score