Vulnerability & Exploit Database

Displaying entries 1 - 10 of 20 in total

Results for: CVE-2014-0181 Back to search

SUSE: CVE-2014-8275: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: January 08, 2015

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/...

SUSE: CVE-2014-3572: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: January 08, 2015

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.

SUSE: CVE-2014-3571: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: January 08, 2015

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record funct...

SUSE: CVE-2014-3570: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: January 08, 2015

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, an...

SUSE Linux Security Advisory: SUSE-SU-2014:1677-1 Vulnerability

  • Severity: 8
  • Published: November 10, 2014

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.

ELSA-2015-0290 Important: Oracle Linux kernel security, bug fix, and enhancement update Vulnerability

  • Severity: 8
  • Published: September 28, 2014

The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals.

RHSA-2014:1023: kernel security and bug fix update Vulnerability

  • Severity: 7
  • Published: August 01, 2014

The kernel packages contain the Linux kernel, the core of any Linuxoperating system.Red Hat would like to thank Martin Schwidefsky of IBM for reportingCVE-2014-3534, Andy Lutomirski for reporting CVE-2014-0181, and Gopal ReddyKodudula of Nokia Siemens Networks for reporting CVE-2014-4667.This update also fixes the following bugs:All kern...

ELSA-2014-1023 Important: Oracle Linux kernel security and bug fix update Vulnerability

  • Severity: 7
  • Published: July 19, 2014

arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace ...

USN-2337-1: Linux kernel vulnerabilities Vulnerability

  • Severity: 7
  • Published: July 03, 2014

sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.

USN-2336-1: Linux kernel (Trusty HWE) vulnerabilities Vulnerability

  • Severity: 7
  • Published: July 03, 2014

sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.