Lucene search
K

5011 matches found

CVE
CVE
added 2014/10/13 10:0 a.m.76 views

CVE-2014-7284

CVE-2014-7284 affects the Linux kernel’s net_get_random_once in net/core/utils.c for 3.13.x and 3.14.x before 3.14.5 on certain Intel CPUs. The issue is that the slow-path to seed randomness is not executed, increasing predictability of TCP sequence numbers, TCP/UDP port numbers, and IP ID values...

6.4CVSS5AI score0.03751EPSS
Exploits1References6Affected Software1
Debian CVE
Debian CVE
added 2014/10/13 10:0 a.m.42 views

CVE-2014-7284

The netgetrandomonce implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by...

6.4CVSS5.2AI score0.03751EPSS
Exploits1
Cvelist
Cvelist
added 2014/10/13 10:0 a.m.33 views

CVE-2014-7284

The netgetrandomonce implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by...

5.1AI score0.03751EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2014/10/13 12:0 a.m.30 views

CVE-2014-7284

The netgetrandomonce implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initialize random seeds, which makes it easier for remote attackers to spoof or disrupt IP communication by...

6.4CVSS6.8AI score0.03751EPSS
Exploits1References5
Fedora
Fedora
added 2014/08/01 6:5 a.m.35 views

[SECURITY] Fedora 19 Update: sdcc-3.3.0-1.fc19

SDCC is a C compiler for 8051 class and similar microcontrollers. The package includes the compiler, assemblers and linkers, a device simulator and a core library. The processors supported to a varying degree include the 8051, ds390, z80, hc08, and PIC...

5CVSS4.1AI score0.03602EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2014/07/28 4:3 p.m.3 views

kernel: x86_64: ptrace: sysret to non-canonical address

It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially...

6.9CVSS6.7AI score0.02324EPSS
Exploits6References4
Tenable Nessus
Tenable Nessus
added 2014/07/24 12:0 a.m.28 views

Oracle Linux 6 : kernel (ELSA-2014-0924)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0924 advisory. - netdrv pppol2tp: fail when socket option level is not SOLPPPOL2TP 1119461 1119462 CVE-2014-4943 Tenable has extracted the preceding description block...

6.9CVSS6.8AI score0.02324EPSS
Exploits12References3
Tenable Nessus
Tenable Nessus
added 2014/07/24 12:0 a.m.40 views

Oracle Linux 7 : kernel (ELSA-2014-0923)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0923 advisory. - net l2tpppp: fail when socket option level is not SOLPPPOL2TP Petr Matousek 1119465 1119466 CVE-2014-4943 Tenable has extracted the preceding...

6.9CVSS6.8AI score0.02324EPSS
Exploits12References3
Tenable Nessus
Tenable Nessus
added 2014/07/20 12:0 a.m.30 views

Oracle Linux 6 : unbreakable enterprise kernel (ELSA-2014-3046)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3046 advisory. - l2tp: fix an unprivileged user to kernel privilege escalation Sasha Levin Orabug: 19229497 CVE-2014-4943 CVE-2014-4943 - ptrace,x86: force IRET path...

7.1CVSS6.9AI score0.09408EPSS
Exploits13References4
Ubuntu
Ubuntu
added 2014/07/17 1:33 a.m.93 views

USN-2290-1: Linux kernel vulnerabilities

Sasha Levin reported a flaw in the Linux kernel's point-to-point protocol PPP when used with the Layer Two Tunneling Protocol L2TP. A local user could exploit this flaw to gain administrative privileges. CVE-2014-4943 Salva Peiró discovered an information leak in the Linux kernel's media- device...

6.9CVSS7.1AI score0.08103EPSS
Exploits11
NVD
NVD
added 2014/07/09 11:7 a.m.24 views

CVE-2014-4699

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service double...

6.9CVSS6.1AI score0.02324EPSS
Exploits6References33
OSV
OSV
added 2014/07/09 11:7 a.m.8 views

CVE-2014-4699

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service double...

6AI score
Exploits0References43
OSV
OSV
added 2014/07/09 11:7 a.m.3 views

DEBIAN-CVE-2014-4699

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service double...

6.9CVSS7.6AI score0.02324EPSS
Exploits6References1
Prion
Prion
added 2014/07/09 11:7 a.m.31 views

Race condition

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service double...

6.9CVSS6.7AI score0.02324EPSS
Exploits6References33Affected Software3
Cvelist
Cvelist
added 2014/07/09 10:0 a.m.25 views

CVE-2014-4699

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service double...

6.2AI score0.02324EPSS
Exploits6References33
Debian CVE
Debian CVE
added 2014/07/09 10:0 a.m.45 views

CVE-2014-4699

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service double...

6.9CVSS6.6AI score0.02324EPSS
Exploits6
CVE
CVE
added 2014/07/09 10:0 a.m.135 views

CVE-2014-4699

CVE-2014-4699 affects the Linux kernel prior to 3.15.4 on Intel CPUs: a non-canonical saved RIP value in system calls that do not use IRET can be exploited via ptrace and fork to escalate privileges or trigger a denial of service (double fault). Multiple connected advisories (e.g., MiracleLinux A...

6.9CVSS6.1AI score0.02324EPSS
Exploits6References33Affected Software1
OpenVAS
OpenVAS
added 2014/07/06 12:0 a.m.31 views

Debian Security Advisory DSA 2972-1 (linux - security update)

Andy Lutomirski discovered that the ptrace syscall was not verifying the RIP register to be valid in the ptrace API on x8664 processors. An unprivileged user could use this flaw to crash the kernel resulting in denial of service or for privilege escalation. OpenVAS Vulnerability Test $Id:...

6.9CVSS0.3AI score0.02324EPSS
Exploits6References1
OSV
OSV
added 2014/07/06 12:0 a.m.40 views

DSA-2972-1 linux - security update

Bulletin has no description...

6.9CVSS6.8AI score0.02324EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2014/07/06 12:0 a.m.51 views

Ubuntu 14.04 LTS : Linux kernel vulnerability (USN-2274-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2274-1 advisory. Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x8664 processors. An attacker could exploit this flaw to cause a denial of service...

6.9CVSS6.6AI score0.02324EPSS
Exploits6References2
Rows per page
Query Builder