U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:linux:linux_kernel:-
There are 3,912 matching records.
Displaying matches 2,941 through 2,960.
Vuln ID Summary CVSS Severity
CVE-2015-1593

The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.

Published: March 16, 2015; 6:59:07 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1420

Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.

Published: March 16, 2015; 6:59:06 AM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2014-8172

The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations.

Published: March 16, 2015; 6:59:02 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2014-8159

The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.

Published: March 16, 2015; 6:59:01 AM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2014-7822

The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.

Published: March 16, 2015; 6:59:00 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-0342

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0341.

Published: March 13, 2015; 1:59:09 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2015-0341

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0342.

Published: March 13, 2015; 1:59:08 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2015-0340

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass intended file-upload restrictions via unspecified vectors.

Published: March 13, 2015; 1:59:08 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-0339

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0333, and CVE-2015-0335.

Published: March 13, 2015; 1:59:06 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2015-0338

Integer overflow in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors.

Published: March 13, 2015; 1:59:06 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2015-0337

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

Published: March 13, 2015; 1:59:05 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-0336

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0334.

Published: March 13, 2015; 1:59:04 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2015-0335

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0333, and CVE-2015-0339.

Published: March 13, 2015; 1:59:03 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2015-0334

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0336.

Published: March 13, 2015; 1:59:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2015-0333

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0335, and CVE-2015-0339.

Published: March 13, 2015; 1:59:01 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2015-0332

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0333, CVE-2015-0335, and CVE-2015-0339.

Published: March 13, 2015; 1:59:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2015-2150

Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.

Published: March 12, 2015; 10:59:02 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2014-9683

Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

Published: March 03, 2015; 6:59:02 AM -0500
V3.x:(not available)
V2.0: 3.6 LOW
CVE-2015-0239

The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction.

Published: March 02, 2015; 6:59:04 AM -0500
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2014-9644

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.

Published: March 02, 2015; 6:59:03 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW