322 matches found
FreeBSD Privilege Permission and Access Control Issues Vulnerability
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in the cdrom driver in FreeBSD. An attacker can exploit this vulnerability to arbitrarily overwrite kernel memory and gain root privileges...
CVE-2019-5602
In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory whe...
CVE-2019-5602
In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory whe...
Design/Logic Flaw
In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory whe...
CVE-2019-5602
In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory whe...
CVE-2019-5602
Removed by vendor...
Memory Corruption And Code Execution
Linux kernel is vulnerable to memory corruption vulnerability. The vulnerability exists in the function cdromioctlmediachanged of the file drivers/cdrom/cdrom.c. A privileged user could use an incorrect bounds check in the CDROM driver CDROMMEDIACHANGED ioctl to read out some kernel memory conten...
Heap-Based Buffer Overflow
KVM Kernel-based Virtual Machine is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer...
EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1188)
According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An information leak was discovered in the Linux kernel in cdromioctldrivestatus function in drivers/cdrom/cdrom.c that could be used...
[SECURITY] Fedora 28 Update: libarchive-3.3.3-6.fc28
Libarchive is a programming library that can create and read several differ ent streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives...
[SECURITY] Fedora 30 Update: libarchive-3.3.3-6.fc30
Libarchive is a programming library that can create and read several differ ent streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives...
openSUSE Security Update : the Linux Kernel (openSUSE-2019-769)
The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-14633: A security flaw was found in the chapservercomputemd5 function in the ISCSI target code in a way an authentication request from an ISCSI initiator is...
[SECURITY] Fedora 29 Update: libarchive-3.3.3-6.fc29
Libarchive is a programming library that can create and read several differ ent streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives...
EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1027)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdromioctldrivestatus in drivers/cdrom/cdrom.c could be used b...
SUSE SLES11 Security Update : kernel (SUSE-SU-2019:13937-1)
The SUSE Linux Enterprise 12 SP3 kernel was updated to 3.0.101 to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-9516: In hiddebugeventsread of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead...
USN-3848-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-3848-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...
EulerOS Virtualization 2.5.2 : kernel (EulerOS-SA-2018-1407)
According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdromioctldrivestatus in drivers/cdrom/cdrom.c cou...
Ubuntu 18.10 : Linux kernel vulnerability (USN-3846-1)
It was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information kernel memory. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu securi...
Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3847-2)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3847-2 advisory. USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3849-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3849-1 advisory. It was discovered that a NULL pointer dereference existed in the keyring subsystem of the Linux kernel. A local attacker could use this to cause a denial...