Linux Enterprise High Availability Extension Security Vulnerabilities and Issues — Linux Enterprise High Availability Extension CVE List

Lucene search

SuseLinux Enterprise High Availability Extension

11 matches found

CVE•added 2014/06/07 2:55 p.m.•1055 views

CVE-2014-3153

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.

7.8CVSS6.5AI score0.82581EPSS

CVE•added 2014/03/14 3:55 p.m.•893 views

CVE-2014-2323

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.

9.8CVSS9.8AI score0.926EPSS

CVE•added 2014/03/14 3:55 p.m.•309 views

CVE-2014-2324

Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, related to request_check_hostname.

5CVSS9.2AI score0.74389EPSS

CVE•added 2014/05/11 9:55 p.m.•118 views

CVE-2014-1737

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.

7.2CVSS6.2AI score0.0007EPSS

CVE•added 2014/05/11 9:55 p.m.•110 views

CVE-2014-1738

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to...

2.1CVSS5.9AI score0.00022EPSS

CVE•added 2014/04/14 11:55 p.m.•107 views

CVE-2014-2706

Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c.

7.1CVSS7.8AI score0.03939EPSS

CVE•added 2014/06/23 11:21 a.m.•93 views

CVE-2014-1739

The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioc...

2.1CVSS5.5AI score0.00107EPSS

CVE•added 2014/06/05 8:55 p.m.•92 views

CVE-2014-3467

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data.

5CVSS6AI score0.07799EPSS

CVE•added 2014/06/23 11:21 a.m.•88 views

CVE-2014-4027

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.

2.3CVSS6.6AI score0.00091EPSS

CVE•added 2014/06/05 8:55 p.m.•84 views

CVE-2014-3468

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds access via crafted ASN.1 data.

7.5CVSS5.8AI score0.07656EPSS

CVE•added 2014/06/05 8:55 p.m.•73 views

CVE-2014-3469

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a NULL value in an ivalue argument.

5CVSS5.6AI score0.06235EPSS