6589 matches found
Buffer overflow
The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer...
CVE-2014-8476
The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer...
CVE-2014-8476
The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer...
CVE-2014-8476
Removed by vendor...
CVE-2014-8476
Summary: CVE-2014-8476 affects the FreeBSD kernel setlogin/getlogin path where the login-name buffer is not initialized, causing a potential kernel memory disclosure via getlogin. Affected: FreeBSD 8.4 through 10.1-RC4. Impact: local information disclosure; in practice, up to 16 bytes (FreeBSD 8)...
Debian Security Advisory DSA 3070-1 (kfreebsd-9 - security update)
Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a denial of service or information disclosure. CVE-2014-3711 Denial of service through memory leak in sandboxed namei lookups. CVE-2014-3952 Kernel memory disclosure in sockbuf control messages. CVE-2014-3953 Kern...
Oracle Linux 6 : kernel (ELSA-2014-1392)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1392 advisory. - kernel futex: Fix errors in nested key ref-counting Denys Vlasenko 1094458 CVE-2014-0205 Tenable has extracted the preceding description block direct...
Microsoft Windows Kernel 'Win32k.sys' CVE-2014-4113 Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary code with elevated privileges and gain access to kernel memory. Technologies Affected Microsoft Exchange Server 2003 SP2 Microsoft Windows 7 for 32-bi...
Kernel: mm: try_to_unmap_cluster() should lock_page() before mlocking
It was found that the trytounmapcluster function in the Linux kernel's Memory Managment subsystem did not properly handle page locking in certain cases, which could potentially trigger the BUGON macro in the mlockvmapage function. A local, unprivileged user could use this flaw to crash the system...
kernel: DoS with syscall auditing
An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system...
CVE-2014-4407
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls...
kernel: DoS with syscall auditing
An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system...
Moderate: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Ubuntu: Security Advisory (USN-2336-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3070)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3070 advisory. - net: Use netlinknscapable to verify the permisions of netlink messages Eric W. Biederman Orabug: 19404229 CVE-2014-0181 - sctp: Fix skackbacklog...
USN-2314-1 linux vulnerability
An flaw was discovered in the Linux kernel's audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service OOPS...
kernel: s390: ptrace: insufficient sanitization when setting psw mask
It was found that Linux kernel's ptrace subsystem did not properly sanitize the address-space-control bits when the program-status word PSW was being set. On IBM S/390 systems, a local, unprivileged user could use this flaw to set address-space-control bits to the kernel space, and thus gain read...
CVE-2014-3534
arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACEPOKEUSRAREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a...
UBUNTU-CVE-2014-3534
arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACEPOKEUSRAREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a...
CVE-2014-3534
arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACEPOKEUSRAREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a...