Lucene search
+L

39 matches found

Tenable Nessus
Tenable Nessus
added 2014/11/28 12:0 a.m.53 views

Mandriva Linux Security Advisory : kernel (MDVSA-2014:230)

Multiple vulnerabilities has been found and corrected in the Linux kernel : The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause...

7.8CVSS6.7AI score0.08579EPSS
Exploits7References12
Ubuntu
Ubuntu
added 2014/11/25 4:8 a.m.105 views

USN-2420-1: Linux kernel vulnerabilities

A flaw was discovered in how the Linux kernel's KVM Kernel Virtual Machine subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service kill arbitrary processes, or system disruption by leveraging /dev/kvm access...

7.5CVSS6.9AI score0.05421EPSS
Exploits1
Ubuntu
Ubuntu
added 2014/11/25 3:20 a.m.105 views

USN-2419-1: Linux kernel (Trusty HWE) vulnerabilities

A flaw was discovered in how the Linux kernel's KVM Kernel Virtual Machine subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service kill arbitrary processes, or system disruption by leveraging /dev/kvm access...

7.5CVSS6.9AI score0.05421EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2014/11/25 12:0 a.m.277 views

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2419-1)

A flaw was discovered in how the Linux kernel's KVM Kernel Virtual Machine subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service kill arbitrary processes, or system disruption by leveraging /dev/kvm access...

7.5CVSS6.9AI score0.05421EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2014/11/25 12:0 a.m.58 views

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2420-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2420-1 advisory. A flaw was discovered in how the Linux kernel's KVM Kernel Virtual Machine subsystem handles the CR4 control register at VM entry on Intel processors. A...

7.5CVSS7.1AI score0.05421EPSS
Exploits1References5
Mageia
Mageia
added 2014/11/15 6:31 p.m.60 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream -longterm 3.14.23 and fixes the following security issues: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to 1 caus...

7.2CVSS7.3AI score0.01168EPSS
Exploits6References7
OSV
OSV
added 2014/10/13 10:55 a.m.11 views

CVE-2014-7970

The pivotroot implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service mount-tree loop via . dot values in both arguments to the pivotroot system call...

5.5CVSS5.8AI score
Exploits0References26
Gentoo Linux
Gentoo Linux
added 2014/02/06 12:0 a.m.25 views

stunnel: Arbitrary code execution

Background The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server. Description A buffer overflow vulnerability has been discovered in stunnel. Please review the CVE identifier referenced below for details. Impact A remote attacker could...

6.6CVSS7.2AI score0.02932EPSS
Exploits0
OSV
OSV
added 2013/04/24 7:55 p.m.6 views

DEBIAN-CVE-2013-1956

The createuserns function in kernel/usernamespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call...

2.1CVSS6AI score0.00383EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2013/03/05 12:0 a.m.32 views

FreeBSD : stunnel -- Remote Code Execution (c97219b6-843d-11e2-b131-000c299b62e1)

Michal Trojnara reports : 64-bit versions of stunnel with the following conditions : NTLM authentication enabled CONNECT protocol negotiation enabled Configured in SSL client mode An attacker that can either control the proxy server specified in the 'connect' option or execute MITM attacks on the...

6.6CVSS8.7AI score0.02932EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2013/03/03 12:0 a.m.43 views

stunnel -- Remote Code Execution

Michal Trojnara reports: 64-bit versions of stunnel with the following conditions: NTLM authentication enabled CONNECT protocol negotiation enabled Configured in SSL client mode An attacker that can either control the proxy server specified in the "connect" option or execute MITM attacks on the T...

6.6CVSS7.5AI score0.02932EPSS
Exploits0References1
Snyk
Snyk
added 2009/10/01 3:30 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS. A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux RHEL 5.4 and Fedora 11, allows local users to gain privileges via hard...

7.8CVSS6.7AI score0.00318EPSS
Exploits0References2
CVE
CVE
added 2009/10/01 3:0 p.m.456 views

CVE-2009-2904

CVE-2009-2904 is a local privilege-escalation flaw in OpenSSH related to a Red Hat modification of the ChrootDirectory feature. The issue affects OpenSSH 4.8 used by sshd in OpenSSH 4.3 on Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allowing a local user to gain privileges via hard links t...

6.9CVSS7.5AI score0.00318EPSS
Exploits0References11Affected Software1
Debian CVE
Debian CVE
added 2009/10/01 3:0 p.m.25 views

CVE-2009-2904

A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux RHEL 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, relate...

6.9CVSS6.5AI score0.00318EPSS
Exploits0
Cent OS
Cent OS
added 2009/09/15 6:27 p.m.148 views

openssh security update

CentOS Errata and Security Advisory CESA-2009:1287 Updated openssh packages that fix a security issue, a bug, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's...

3.7CVSS6.6AI score0.15395EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2009/09/02 8:0 a.m.104 views

Low: Red Hat Security Advisory: openssh security, bug fix, and enhancement update

Updated openssh packages that fix a security issue, a bug, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH Secure Shell protocol implementation. These...

3.7CVSS6.6AI score0.15395EPSS
Exploits1References3
NVD
NVD
added 2005/12/28 1:3 a.m.27 views

CVE-2005-4532

scponlyc in scponly 4.1 and earlier, when the operating system supports LDPRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LDPRELOAD to...

7.2CVSS7AI score0.00433EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2005/12/28 1:3 a.m.20 views

CVE-2005-4532

scponlyc in scponly 4.1 and earlier, when the operating system supports LDPRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LDPRELOAD to...

7.2CVSS6.3AI score0.00433EPSS
Exploits0References1
CVE
CVE
added 2005/12/28 1:0 a.m.49 views

CVE-2005-4532

CVE-2005-4532 affects scponly versions 4.1 and earlier. The root cause is a design/implementation flaw in scponlyc that can be exploited when LD_PRELOAD is available: an unprivileged user can create a chroot directory in their home, hard-link to a system setuid application, and override expected ...

7.2CVSS7AI score0.00433EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder