2083 matches found
kernel security, bug fix, and enhancement update
2.6.32-573.22.1 - mm always decrement anonvma degree when the vma list is empty Jerome Marchand 1318364 1309898 2.6.32-573.21.1 - fs pipe: fix offset and len mismatch on pipeiovcopytouser failure Seth Jennings 1310148 1302223 CVE-2016-0774 - fs gfs2: Add missing else in transaddmeta/data Robert S...
VulnCheck KEV: CVE-2015-1805
The 1 piperead and 2 pipewrite implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed copytouserinatomic and copyfromuserinatomic calls, which allows local users to cause a denial of service system crash or possibly...
UBUNTU-CVE-2016-2847
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service memory consumption by creating many pipes with non-default sizes...
kernel: pipe buffer state corruption after unsuccessful atomic read from pipe
It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space...
Command injection
nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local users to gain privileges via a commandline in a...
Nvidia Stereoscopic 3D Driver Service 7.17.13.5382 - Arbitrary Run Key Creation
Source: https://code.google.com/p/google-security-research/issues/detail?id=515 NVIDIA: Stereoscopic 3D Driver Service Arbitrary Run Key Creation Platform: Windows, NVIDIA Service Version 7.17.13.5382 Class: Elevation of Privilege, Remote Code Execution Summary: The 3D Vision service...
Nvidia Stereoscopic 3D Driver Service 7.17.13.5382 - Arbitrary Run Key Creation
Nvidia Stereoscopic 3D Driver Service 7.17.13.5382 - Arbitrary Run Key Creation Source: https://code.google.com/p/google-security-research/issues/detail?id=515 NVIDIA: Stereoscopic 3D Driver Service Arbitrary Run Key Creation Platform: Windows, NVIDIA Service Version 7.17.13.5382 Class: Elevation...
kernel: pipe buffer state corruption after unsuccessful atomic read from pipe
It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space...
CVE-2006-0097
Stack-based buffer overflow in the createnamedpipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long 1 arghost or 2 argunixsocket argument, as demonstrated by a long named pipe variable in the host argument to the...
CVE-2010-4256
The pipefcntl function in fs/pipe.c in the Linux kernel before 2.6.37 does not properly determine whether a file is a named pipe, which allows local users to cause a denial of service via an FSETPIPESZ fcntl call...
Lenovo System Update elevation of privilege vulnerability (CNVD-2015-07329)
Lenovo System Update aka ThinkVantage System Update is a system update software from Lenovo. The service component of Lenovo System Update, SUService.exe, creates a named pipe to provide system update services to low-privileged processes. A security vulnerability exists in the Lenovo System Updat...
Lenovo System Update elevation of privilege vulnerability (CNVD-2015-07326)
Lenovo System Update aka ThinkVantage System Update is a system update software from Lenovo. The service component of Lenovo System Update, SUService.exe, creates a named pipe to provide system update services to low-privileged processes.A security vulnerability exists in Lenovo System Update...
Lenovo System Update Elevation of Privilege Vulnerability
Lenovo System Update aka ThinkVantage System Update is a system update software from Lenovo. The service component of Lenovo System Update, SUService.exe, creates a named pipe to provide system update services to a low-privileged process.A security vulnerability in Lenovo System Update software...
Microsoft Windows 10 - Sandboxed Mount Reparse Point Creation Mitigation Bypass (MS15-111)
Microsoft Windows 10 - Sandboxed Mount Reparse Point Creation Mitigation Bypass MS15-111 Source: https://code.google.com/p/google-security-research/issues/detail?id=486 Windows: Sandboxed Mount Reparse Point Creation Mitigation Bypass Platform: Windows 10 build 10240, earlier versions do not have...
Lenovo System Update Signature Validation Bypass Vulnerability
Lenovo System Update aka ThinkVantage System Update is a system update software from Lenovo. The service component of Lenovo System Update, SUService.exe, creates a named pipe to provide system update services to low-privileged processes.A security vulnerability in Lenovo System Update software...
IBM HTTP Server 6.0 <= 6.0.2.43 (FP43) / 6.1 <= 6.1.0.47 (FP47) / 7.0 < 7.0.0.39 (FP39) / 8.0 < 8.0.0.11 (FP11) / 8.5 < 8.5.5.7 (FP7) Named Pipe DoS
The IBM HTTP Server running on the remote host is version 6.0 prior to or equal to 6.0.2.43, 6.1 prior to or equal to 6.1.0.47, 7.0 prior to 7.0.0.39, 8.0 prior to 8.0.0.11, or 8.5 prior to 8.5.5.7. It is, therefore, affected by a flaw in the Apache Portable Runtime APR that is triggered when an...
CentOS Update for pam CESA-2015:1640 centos7
Check the version of pam SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882253";...
pam: DoS/user enumeration due to blocking pipe in pam_unix module
It was discovered that the unixrunhelperbinary function of PAM's unixpam module could write to a blocking pipe, possibly causing the function to become unresponsive. An attacker able to supply large passwords to the unixpam module could use this flaw to enumerate valid user accounts, or cause a...
pam security update
1.1.1-20.1 - fix CVE-2015-3238 - DoS due to blocking pipe with very long password...
SUSE-SU-2015:1224-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP3 Teradata kernel was updated to fix the following bugs and security issues. The following security issues have been fixed: - Update patches.fixes/udp-fix-behavior-of-wrong-checksums.patch bsc936831, CVE-2015-5364, CVE-2015-5366. - Btrfs: make xattr replace operatio...