1024 matches found
CVE-2014-9357
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted 1 image or 2 build in a Dockerfile in an LZMA .xz archive, related to the chroot for archive extraction...
CVE-2014-9357
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted 1 image or 2 build in a Dockerfile in an LZMA .xz archive, related to the chroot for archive extraction...
PT-2014-8957 · Docker +1 · Docker +1
Name of the Vulnerable Software and Affected Versions: Docker version 1.3.2 Description: The issue allows remote attackers to execute arbitrary code with root privileges. This can be achieved via a crafted image or build in a Dockerfile, specifically when the image or build is contained in an LZM...
Amazon Linux AMI : docker (ALAS-2014-461)
Path traversal attacks are possible in the processing of absolute symlinks. In checking symlinks for traversals, only relative links were considered. This allowed path traversals to exist where they should have otherwise been prevented. This was exploitable via both archive extraction and through...
USN-2447-1 linux-lts-utopic vulnerabilities
Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment SS register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. CVE-2014-9322 An information leak in the Linux kernel was discovered...
Amazon Linux AMI : kernel (ALAS-2014-455)
The sctpprocessparam function in net/sctp/smmakechunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service NULL pointer dereference and system crash via a malformed INIT chunk. CVE-2014-7841 The pivotroot...
Mandriva Linux Security Advisory : kernel (MDVSA-2014:230)
Multiple vulnerabilities has been found and corrected in the Linux kernel : The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause...
USN-2420-1: Linux kernel vulnerabilities
A flaw was discovered in how the Linux kernel's KVM Kernel Virtual Machine subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service kill arbitrary processes, or system disruption by leveraging /dev/kvm access...
USN-2420-1 linux vulnerabilities
A flaw was discovered in how the Linux kernel's KVM Kernel Virtual Machine subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service kill arbitrary processes, or system disruption by leveraging /dev/kvm access...
USN-2419-1: Linux kernel (Trusty HWE) vulnerabilities
A flaw was discovered in how the Linux kernel's KVM Kernel Virtual Machine subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service kill arbitrary processes, or system disruption by leveraging /dev/kvm access...
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-2420-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2420-1 advisory. A flaw was discovered in how the Linux kernel's KVM Kernel Virtual Machine subsystem handles the CR4 control register at VM entry on Intel processors. A...
Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2419-1)
A flaw was discovered in how the Linux kernel's KVM Kernel Virtual Machine subsystem handles the CR4 control register at VM entry on Intel processors. A local host OS user can exploit this to cause a denial of service kill arbitrary processes, or system disruption by leveraging /dev/kvm access...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream -longterm 3.14.23 and fixes the following security issues: The kvmiommumappages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to 1 caus...
CVE-2014-7970
The pivotroot implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service mount-tree loop via . dot values in both arguments to the pivotroot system call...
CentOS 5 : bind97 (CESA-2014:1244)
Updated bind97 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Moderate: Red Hat Security Advisory: bind97 security and bug fix update
Updated bind97 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
wu-ftpd <= 2.6.1 - Remote Root Exploit
No description provided by source. / 7350wurm - x86/linux wuftpd remote root exploit TESO CONFIDENTIAL - SOURCE MATERIALS This is unpublished proprietary source code of TESO Security. The contents of these coded instructions, statements and computer programs may not be disclosed to third parties,...
wu-ftpd 2.4.2/2.5 .0/2.6 .0/2.6.1/2.6.2 - FTP Conversion Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2240/info Some FTP servers provide a conversion service that pipes a requested file through a program, for example a decompression utility such as tar, before it is passed to the remote user. Under some configurations whe...
Linux Kernel 2.6.x SMBFS CHRoot Security Restriction Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17735/info The Linux Kernel is prone to a vulnerability that allows attackers to bypass a security restriction. This issue is due to a failure in the kernel to properly sanitize user-supplied data. The problem affects...
Netscape Professional Services FTP Server (LDAP Aware) 1.3.6 FTP Server Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1411/info Certain versions of the LDAP-aware Netscape Professional Services FTP Server distributed with Enterprise Web Server have a serious vulnerability which may lead to a remote or local root compromise. The...