Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:oracle:linux:5:-:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-5403 |
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. Published: August 02, 2016; 12:59:03 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2016-5387 |
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. Published: July 18, 2016; 10:00:19 PM -0400 |
V3.1: 8.1 HIGH V2.0: 6.8 MEDIUM |
CVE-2016-3710 |
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. Published: May 11, 2016; 5:59:01 PM -0400 |
V3.1: 8.8 HIGH V2.0: 7.2 HIGH |
CVE-2015-3195 |
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. Published: December 06, 2015; 3:59:05 PM -0500 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2015-0239 |
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction. Published: March 02, 2015; 6:59:04 AM -0500 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2014-9644 |
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421. Published: March 02, 2015; 6:59:03 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-7421 |
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. Published: March 02, 2015; 6:59:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2015-0235 |
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." Published: January 28, 2015; 2:59:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-9584 |
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. Published: January 09, 2015; 4:59:01 PM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-3687 |
The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. Published: November 10, 2014; 6:55:06 AM -0500 |
V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2014-3673 |
The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. Published: November 10, 2014; 6:55:06 AM -0500 |
V3.1: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2014-0203 |
The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call. Published: June 23, 2014; 7:21:17 AM -0400 |
V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2014-1738 |
The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. Published: May 11, 2014; 5:55:05 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-1737 |
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. Published: May 11, 2014; 5:55:05 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2014-2678 |
The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. Published: April 01, 2014; 2:35:53 AM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |