1295 matches found
Moderate: Red Hat Security Advisory: php53 security update
Updated php53 packages that fix three security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
Ubuntu 10.04 LTS / 10.10 : linux, linux-ec2 vulnerabilities (USN-1054-1)
Gleb Napatov discovered that KVM did not correctly check certain privileged operations. A local attacker with access to a guest kernel could exploit this to crash the host system, leading to a denial of service. CVE-2010-0435 Dan Rosenberg discovered that the Linux kernel TIPC implementation...
kernel: net/packet/af_packet.c: reading uninitialized stack memory
net/packet/afpacket.c in the Linux kernel before 2.6.37-rc2 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAPNETRAW capability to read copies of the applicable structures...
kernel: drivers/sound/pci/rme9652/hdsp.c: reading uninitialized stack memory
The sndhdsphwdepioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRVHDSPIOCTLGETCONFIGINFO ioctl call...
kernel: ipc/compat*.c: reading uninitialized stack memory
The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the 1 compatsyssemctl, 2 compatsysmsgctl, and 3 compatsysshmctl functions in...
CVE-2011-0476
Removed by vendor...
CVE-2011-0476
CVE-2011-0476 : Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 are affected. A PDF document can trigger an out-of-memory error, causing stack memory corruption and a possible denial of service. The description is supported by multiple sources (NVD/OpenVAS entries) with a high C...
kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak
Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvmvcpuevents-interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors...
kernel: drivers/serial/serial_core.c: reading uninitialized stack memory
The uartgetcount function in drivers/serial/serialcore.c in the Linux kernel before 2.6.37-rc1 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...
kernel: drivers/video/via/ioctl.c: reading uninitialized stack memory
The viafbioctlgetviafbinfo function in drivers/video/via/ioctl.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a VIAFBGETINFO ioctl call...
kernel: ipc/shm.c: reading uninitialized stack memory
The copyshmidtouser function in ipc/shm.c in the Linux kernel before 2.6.37-rc1 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the "old shm interface."...
kernel: drivers/net/usb/hso.c: prevent reading uninitialized memory
The hsogetcount function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call...
Design/Logic Flaw
Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvmvcpuevents-interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors...
Ubuntu 9.10 / 10.04 LTS / 10.10 : linux, linux-ec2 vulnerabilities (USN-1041-1)
Ben Hawkes discovered that the Linux kernel did not correctly filter registers on 64bit kernels when performing 32bit system calls. On a 64bit system, a local attacker could manipulate 32bit system calls to gain root privileges. CVE-2010-3301 Dan Rosenberg discovered that the btrfs filesystem did...
CVE-2010-3877
The getname function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure...
CVE-2010-3875
The ax25getname function in net/ax25/afax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure...
Design/Logic Flaw
The getname function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure...
CVE-2010-3875
The ax25getname function in net/ax25/afax25.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure...
CVE-2010-3877
The getname function in net/tipc/socket.c in the Linux kernel before 2.6.37-rc2 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure...
CVE-2010-3877
The CVE-2010-3877 issue affects the Linux kernel (as cited in MiracleLinux AXSA:2011-143:02 and related advisories) where get_name in net/tipc/socket.c does not initialize a structure, enabling local attackers to read uninitialized kernel stack memory and leak information. Impact is a local infor...