U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:3.4:rc5:*:*:*:*:*:*
  • CPE Name Search: true
There are 2,550 matching records.
Displaying matches 1,741 through 1,760.
Vuln ID Summary CVSS Severity
CVE-2016-2184

The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.

Published: April 27, 2016; 1:59:09 PM -0400
V4.0:(not available)
V3.0: 4.6 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-2143

The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.

Published: April 27, 2016; 1:59:08 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 6.9 MEDIUM
CVE-2016-2085

The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack.

Published: April 27, 2016; 1:59:07 PM -0400
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-2069

Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.

Published: April 27, 2016; 1:59:07 PM -0400
V4.0:(not available)
V3.0: 7.4 HIGH
V2.0: 4.4 MEDIUM
CVE-2015-8845

The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.

Published: April 27, 2016; 1:59:05 PM -0400
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2015-8844

The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.

Published: April 27, 2016; 1:59:04 PM -0400
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 4.7 MEDIUM
CVE-2015-8816

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.

Published: April 27, 2016; 1:59:03 PM -0400
V4.0:(not available)
V3.1: 6.8 MEDIUM
V2.0: 7.2 HIGH
CVE-2015-8812

drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.

Published: April 27, 2016; 1:59:02 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2015-7515

The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.

Published: April 27, 2016; 1:59:01 PM -0400
V4.0:(not available)
V3.1: 4.6 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2015-1339

Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times.

Published: April 27, 2016; 1:59:00 PM -0400
V4.0:(not available)
V3.0: 6.2 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2016-2075

Cross-site scripting (XSS) vulnerability in VMware vRealize Business Advanced and Enterprise 8.x before 8.2.5 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Published: March 16, 2016; 6:59:03 AM -0400
V4.0:(not available)
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2015-2344

Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Published: March 16, 2016; 6:59:00 AM -0400
V4.0:(not available)
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2016-1956

Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.

Published: March 13, 2016; 2:59:05 PM -0400
V4.0:(not available)
V3.0: 6.5 MEDIUM
V2.0: 7.1 HIGH
CVE-2016-0823

The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.

Published: March 12, 2016; 4:59:08 PM -0500
V4.0:(not available)
V3.0: 4.0 MEDIUM
V2.0: 2.1 LOW
CVE-2016-0821

The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.

Published: March 12, 2016; 4:59:05 PM -0500
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2016-0958

Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object.

Published: February 10, 2016; 3:59:10 PM -0500
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2016-0956

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.

Published: February 10, 2016; 3:59:08 PM -0500
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2016-0955

Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog.

Published: February 10, 2016; 3:59:07 PM -0500
V4.0:(not available)
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-0723

Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.

Published: February 07, 2016; 10:59:09 PM -0500
V4.0:(not available)
V3.0: 6.8 MEDIUM
V2.0: 5.6 MEDIUM
CVE-2015-8785

The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.

Published: February 07, 2016; 10:59:07 PM -0500
V4.0:(not available)
V3.1: 6.2 MEDIUM
V2.0: 4.9 MEDIUM