2017 matches found

CNVD
added 2016/03/24 12:0 a.m. | 2 views

Linux kernel memory leak vulnerability

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a program's failure to properly keep buffer offsets and lengths synchronized after an atomic read failure. ...

CVSS 6.8 | AI score 6.8 | EPSS 0.00337
Exploits 0 | References 1

RedHat Linux
added 2016/03/22 9:50 p.m. | 7 views

kernel: pipe buffer state corruption after unsuccessful atomic read from pipe

It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space...

CVSS 6.8 | AI score 6.9 | EPSS 0.00337
Exploits 0 | References 4

OSV
added 2016/03/08 12:0 a.m. | 2 views

UBUNTU-CVE-2016-1964

Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption by leveraging mishandling of XML transformations...

CVSS 8.8 | AI score 7.7 | EPSS 0.02842
Exploits 0 | References 5

OpenVAS
added 2016/03/08 12:0 a.m. | 44 views

Debian Security Advisory DSA 3503-1 (linux - security update)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, information leak or data loss. CVE-2013-4312 Tetsuo Handa discovered that users can use pipes queued on local Unix sockets to allocate an unfair share of kernel memory,...

CVSS 10 | AI score 0.8 | EPSS 0.14281
Exploits 17 | References 1

OSV
added 2016/02/28 12:0 a.m. | 48 views

DLA-439-1 linux-2.6 - security update

Bulletin has no description...

CVSS 10 | AI score 7.1 | EPSS 0.14281
Exploits 10

RedHat Linux
added 2016/02/02 4:58 p.m. | 4 views

kernel: pipe buffer state corruption after unsuccessful atomic read from pipe

It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space...

CVSS 6.8 | AI score 6.9 | EPSS 0.00337
Exploits 0 | References 4

RedHat Linux
added 2015/11/19 7:56 p.m. | 6 views

kernel: pipe buffer state corruption after unsuccessful atomic read from pipe

It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space...

CVSS 6.8 | AI score 6.9 | EPSS 0.00337
Exploits 0 | References 4

OSV
added 2015/07/31 10:31 a.m. | 8 views

SUSE-SU-2015:1224-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 11 SP3 Teradata kernel was updated to fix the following bugs and security issues. The following security issues have been fixed: - Update patches.fixes/udp-fix-behavior-of-wrong-checksums.patch bsc936831, CVE-2015-5364, CVE-2015-5366. - Btrfs: make xattr replace operatio...

CVSS 7.8 | AI score 6.7 | EPSS 0.06267
Exploits 10 | References 28

Oracle Linux
added 2015/07/28 12:0 a.m. | 129 views

kernel security, bug fix, and enhancement update

2.6.32-573 - security selinux: dont waste ebitmap space when importing NetLabel categories Paul Moore 1130197 - x86 Revert Add driver auto probing for x86 features v4 Prarit Bhargava 1231280 - net bridge: netfilter: dont call iptables on vlan packets if sysctl is off Florian Westphal 1236551 - ne...

CVSS 7.2 | AI score 0.2 | EPSS 0.04517
Exploits 4

CNVD
added 2015/06/26 12:0 a.m. | 3 views

Project Atomic Security Bypass Code Execution Vulnerability

Project Atomic is a suite of software that supports the creation and running of applications using Linux and Docker containers. A security vulnerability exists in Project Atomic that allows remote attackers to exploit the vulnerability to execute arbitrary code via a man-in-the-middle attack...

CVSS 5.9 | AI score 7.8 | EPSS 0.01957
Exploits 0 | References 1

RedHat Linux
added 2015/06/09 2:47 p.m. | 8 views

kernel: pipe: iovec overrun leading to memory corruption

It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array...

CVSS 7.2 | AI score 7.1 | EPSS 0.01407
Exploits 3 | References 4

CNVD
added 2015/06/05 12:0 a.m. | 4 views

Multiple Local Memory Corruption Vulnerabilities in Linux Kernel 'fs/pipe.c'

The Linux Kernel is the kernel of the Linux operating system. A memory corruption vulnerability exists in the Linux kernel's implementation of the vectored pipe read/write function, which fails to take into account already processed I/O vectors when retrying after an atomic access operation has...

CVSS 7.2 | AI score 6.7 | EPSS 0.01407
Exploits 3 | References 1

Oracle Linux
added 2015/05/12 12:0 a.m. | 31 views

kexec-tools security, bug fix, and enhancement update

2.0.7-19.0.1.el71.2 - kdumpctl: exclude defaulthugepagesz setting from kdump kernel cmdline Sriharsha Yadagudde Orabug: 19134999 - kdumpctl: verify if kernel support securelevel interface Sriharsha Yadagudde Orabug: 18905671 2.0.7-19.2 - dracut-module-setup: Enhance kdump to support the bind...

CVSS 3.6 | AI score 6.2 | EPSS 0.00355
Exploits 0

RedHat Linux
added 2015/04/14 1:0 p.m. | 63 views

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

CVSS 7.8 | AI score 7 | EPSS 0.03373
Exploits 3 | References 4

RedHat Linux
added 2015/03/05 3:18 a.m. | 39 views

Low: Red Hat Security Advisory: docker security, bug fix, and enhancement update

Updated docker packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give...

CVSS 10 | AI score 7.2 | EPSS 0.06452
Exploits 0 | References 9

Tenable Nessus
added 2015/03/05 12:0 a.m. | 39 views

RHEL 7 : docker (RHSA-2015:0623)

Updated docker packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give...

CVSS 10 | AI score 7.2 | EPSS 0.06452
Exploits 0 | References 5

RedHat Linux
added 2015/02/24 1:44 p.m. | 4 views

OpenJDK: AtomicReferenceFieldUpdater missing primitive type check (Libraries, 8039520)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries...

CVSS 9.3 | AI score 7.4 | EPSS 0.05577
Exploits 0 | References 5

Tenable Nessus
added 2014/12/16 12:0 a.m. | 36 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:1638-1)

This openjdk update fixes the following security and non security issues : - Upgrade to 2.4.8 bnc887530 - Changed back from gzipped tarball to xz - Changed the keyring file to add Andrew John Hughes that signed the icedtea package - Change ZERO to AARCH64 tarball - Removed patches : -...

CVSS 10 | AI score 7.8 | EPSS 0.10117
Exploits 2 | References 43

NVD
added 2014/09/18 10:55 a.m. | 10 views

CVE-2014-5955

The Atomic Fusion aka com.bytesized.fusion application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS 5.4 | AI score 5.9 | EPSS 0.00271
Exploits 0 | References 3

Prion
added 2014/09/18 10:55 a.m. | 9 views

Information disclosure

The Atomic Fusion aka com.bytesized.fusion application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS 5.4 | AI score 6.4 | EPSS 0.00271
Exploits 0 | References 3 | Affected Software 1