Lucene search
+L

102 matches found

securityvulns
securityvulns
added 2015/05/05 12:0 a.m.76 views

AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5%

A security issue in Linux ASLR implementation which affects some AMD processors has been found. The issue affects to all Linux process even if they are not using shared libraries statically compiled. The problem appears because some mmapped objects VDSO, libraries, etc. are poorly randomized in a...

0.9AI score
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2015/04/13 2:17 p.m.56 views

Security update for the Linux Kernel (important)

The Linux kernel was updated to fix various bugs and security issues. Following security issues were fixed: - CVE-2014-8173: A NULL pointer dereference flaw was found in the way the Linux kernels madvise MADVWILLNEED functionality handled page table locking. A local, unprivileged user could have...

7.2CVSS1.9AI score0.05489EPSS
Exploits6References16
Tenable Nessus
Tenable Nessus
added 2015/02/27 12:0 a.m.34 views

Ubuntu 12.04 LTS : linux vulnerabilities (USN-2513-1)

A flaw was discovered in the Kernel Virtual Machine's KVM emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS crash or potentially gain privileges on the guest OS...

6.9CVSS6.8AI score0.05489EPSS
Exploits4References9
Tenable Nessus
Tenable Nessus
added 2015/02/27 12:0 a.m.50 views

Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-1)

A flaw was discovered in the Kernel Virtual Machine's KVM emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS crash or potentially gain privileges on the guest OS...

7.8CVSS7AI score0.05489EPSS
Exploits4References13
OpenVAS
OpenVAS
added 2015/02/27 12:0 a.m.55 views

Ubuntu: Security Advisory (USN-2513-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.9CVSS7AI score0.05489EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2015/02/27 12:0 a.m.46 views

Ubuntu: Security Advisory (USN-2514-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.9CVSS7AI score0.05489EPSS
Exploits4References2
Ubuntu
Ubuntu
added 2015/02/26 11:31 a.m.79 views

USN-2518-1: Linux kernel vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's KVM emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS crash or potentially gain privileges on the guest OS...

7.8CVSS6.8AI score0.05489EPSS
Exploits4
Ubuntu
Ubuntu
added 2015/02/26 11:22 a.m.76 views

USN-2516-1: Linux kernel vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's KVM emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS crash or potentially gain privileges on the guest OS...

7.8CVSS6.8AI score0.05489EPSS
Exploits4
Ubuntu
Ubuntu
added 2015/02/26 11:18 a.m.76 views

USN-2515-1: Linux kernel (Trusty HWE) vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's KVM emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS crash or potentially gain privileges on the guest OS...

7.8CVSS6.8AI score0.05489EPSS
Exploits4
Ubuntu
Ubuntu
added 2015/02/26 11:13 a.m.83 views

USN-2514-1: Linux kernel (OMAP4) vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's KVM emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS crash or potentially gain privileges on the guest OS...

6.9CVSS6.8AI score0.05489EPSS
Exploits4
Ubuntu
Ubuntu
added 2015/02/26 11:9 a.m.81 views

USN-2513-1: Linux kernel vulnerabilities

A flaw was discovered in the Kernel Virtual Machine's KVM emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS crash or potentially gain privileges on the guest OS...

6.9CVSS6.8AI score0.05489EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2015/02/24 12:0 a.m.52 views

Debian DSA-3170-1 : linux - security update

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation. - CVE-2013-7421 / CVE-2014-9644 It was discovered that the Crypto API allowed unprivileged users to load arbitrary kernel modules. A local user can use...

10CVSS7AI score0.09828EPSS
Exploits7References23
OpenVAS
OpenVAS
added 2015/02/23 12:0 a.m.49 views

Debian Security Advisory DSA 3170-1 (linux - security update)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation. CVE-2013-7421 / CVE-2014-9644 It was discovered that the Crypto API allowed unprivileged users to load arbitrary kernel modules. A local user can use...

10CVSS0.5AI score0.09828EPSS
Exploits7References1
Tenable Nessus
Tenable Nessus
added 2015/02/02 12:0 a.m.69 views

OracleVM 2.2 : glibc (OVMSA-2015-0024) (GHOST)

The remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long Orabug 19951108 - Use a /sys/devices/system/cpu/online for SCNPROCESSORSONLN implementation Orabug 17642251 Joe Jin - Fix parsing of numeric hosts ...

10CVSS7.9AI score0.94859EPSS
Exploits34References7
CNVD
CNVD
added 2015/01/13 12:0 a.m.1 views

Linux Kernel 'vdso_addr()' Function Local Security Bypass Vulnerability

The Linux Kernel is the kernel of the Linux operating system. The vdsoaddr function in arch/x86/vdso/vma.c in Linux kernel 3.18.2 and earlier versions fails to correctly select the storage unit for the VDSO region, which allows a local user to bypass the ASLR protection mechanism by guessing the...

2.1CVSS6.3AI score0.00557EPSS
Exploits1References1
OSV
OSV
added 2015/01/09 9:59 p.m.6 views

CVE-2014-9585

The vdsoaddr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD...

5.1AI score
Exploits0References34
Cvelist
Cvelist
added 2015/01/09 9:0 p.m.29 views

CVE-2014-9585

The vdsoaddr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD...

5AI score0.00557EPSS
Exploits1References24
Debian CVE
Debian CVE
added 2015/01/09 9:0 p.m.55 views

CVE-2014-9585

The vdsoaddr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD...

2.1CVSS6.5AI score0.00557EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2014/11/26 12:0 a.m.46 views

OracleVM 3.3 : glibc (OVMSA-2014-0017)

The remote OracleVM system is missing necessary patches to address critical security updates : - Remove gconv transliteration loadable modules support CVE-2014-5119, - nlfindlocale: Improve handling of crafted locale names CVE-2014-0475, - Don't use alloca in addgetnetgrentX 1087789. - Adjust...

7.5CVSS7.6AI score0.18099EPSS
Exploits6References5
Oracle linux
Oracle linux
added 2014/10/15 12:0 a.m.60 views

glibc security, bug fix, and enhancement update

2.12-1.149 - Remove gconv transliteration loadable modules support CVE-2014-5119, - nlfindlocale: Improve handling of crafted locale names CVE-2014-0475, 2.12-1.148 - Switch gettimeofday from INTUSE to libchiddenproto 1099025. 2.12-1.147 - Fix stack overflow due to large AFINET6 requests...

7.5CVSS0.18099EPSS
Exploits5
Rows per page
Query Builder