60 matches found
Design/Logic Flaw
A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZXRSRCKINDROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater...
CVE-2022-0882 Illegal access to Kernel log in Fuchsia
A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZXRSRCKINDROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater...
CVE-2018-5995
An information-exposure flaw was found in the Linux kernel where the pcpuembedfirstchunk function in mm/percpu.c allows local users to obtain kernel-object address information by reading the kernel log dmesg. However, this address is not static and cannot be used to commit a further attack...
Arbitrary File Read
sudo is vulnerable to arbitrary file read attacks. The vulnerability exists as sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program...
CVE-2018-15001
The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest versionCode=1, versionName=1.0 containing an exported activity app component named com.vivo.bsptest.BSPTestActivity...
CVE-2018-14979
The CVE-2018-14979 entry concerns ASUS ZenFone 3 Max (ASUS_X008_1) with pre-installed com.asus.loguploader. The issue is an exported service, LogUploaderService, accessible via a specific action, that can write a bugreport (kernel log, logcat, system service states including active notifications)...
UBUNTU-CVE-2018-14656
A missing address check in the callers of the showopcodes in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log...
Code injection
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...
CVE-2014-9680
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...
CVE-2014-9680
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...
kernel: security and bugfix update (important)
The Linux kernel was updated to fix various bugs and security issues: CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACESETREGS ptrace system call in a crafted application, as demonstrated by ptracedeath. CVE-2013-0160...
Debian DSA-2632-1 : linux-2.6 - privilege escalation/denial of service
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-0231 Jan Beulich provided a fix for an issue in the Xen PCI backend driver...
Debian Security Advisory DSA 2632-1 (linux-2.6 - privilege escalation/denial of service)
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-0231 Jan Beulich provided a fix for an issue in the Xen PCI backend drivers...
CVE-2013-0231
The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are...
Information disclosure
The pcibackenablemsi function in the PCI backend driver drivers/xen/pciback/confspacecapabilitymsi.c in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are...
security flaw
The timeoutleases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service kernel log message consumption by causing a large number of broken leases, which is recorded to the log using the printk function...
security flaw
The timeoutleases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service kernel log message consumption by causing a large number of broken leases, which is recorded to the log using the printk function...
CVE-2005-3857
The timeoutleases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service kernel log message consumption by causing a large number of broken leases, which is recorded to the log using the printk function...
CVE-2000-0747
The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon klogd and kills it...
CVE-2000-0747
The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon klogd and kills it...