Xxe

The cpuphysicalmemorywriterominternal function in exec.c in QEMU aka Quick Emulator does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service guest crash via unspecified vectors...

PHP 5.6.x < 5.6.18 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.18. It is, therefore, affected by multiple vulnerabilities : - The Perl-Compatible Regular Expressions PCRE library is affected by multiple vulnerabilities related to the handling of regular...

SOL95345942 - Linux kernel vulnerability CVE-2015-3339

Race condition in the preparebinprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. CVE-2015-3339...

CVE-2015-3339

Race condition in the preparebinprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped...

CVE-2010-2784

CVE-2010-2784 affects QEMU-KVM (as used by Red Hat Enterprise Virtualization Hypervisor and KVM) where the subpage MMIO initialization did not properly select the index to access the callback array. This flaw could allow a privileged guest user to crash the guest (denial of service) or, potential...

CVE-2006-6304

The docoredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to OEXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump...

CVE-2006-6304

The CVE-2006-6304 issue affects Linux kernel 2.6.19 where do_coredump in fs/exec.c sets the O_EXCL flag but does not use it, enabling a context-dependent attacker to modify arbitrary files via a core-dump rewrite attack. A fix is available in the kernel changelog (2.6.19.1) and related advisories...

CVE-2005-3107

fs/exec.c in Linux 2.6, when one thread is tracing another thread that shares the same memory map, might allow local users to cause a denial of service deadlock by forcing a core dump when the traced thread is in the TASKTRACED state...

CVE-2005-3107

CVE-2005-3107 affects the Linux kernel 2.6 family, where a local attacker tracing a thread that shares the same memory map can cause a denial of service (deadlock) by forcing a core dump when the traced thread is in TASK_TRACED. Public advisories (e.g., RHSA-2006:0437, CESA-2006:0437) document th...

CVE-2005-3107

fs/exec.c in Linux 2.6, when one thread is tracing another thread that shares the same memory map, might allow local users to cause a denial of service deadlock by forcing a core dump when the traced thread is in the TASKTRACED state...