Vulnerability & Exploit Database

Displaying entries 1 - 10 of 13 in total

Results for: CVE-2014-4508 Back to search

SUSE Linux Security Advisory: SUSE-SU-2014:1669-1 Vulnerability

  • Severity: 7
  • Published: December 17, 2014

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.

SUSE Linux Security Advisory: SUSE-SU-2014:1677-1 Vulnerability

  • Severity: 8
  • Published: November 10, 2014

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.

USN-2337-1: Linux kernel vulnerabilities Vulnerability

  • Severity: 7
  • Published: July 03, 2014

sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.

USN-2336-1: Linux kernel (Trusty HWE) vulnerabilities Vulnerability

  • Severity: 7
  • Published: July 03, 2014

sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.

USN-2334-1: Linux kernel vulnerabilities Vulnerability

  • Severity: 7
  • Published: July 03, 2014

sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.

USN-2333-1: Linux kernel (EC2) vulnerabilities Vulnerability

  • Severity: 7
  • Published: July 03, 2014

sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.

USN-2332-1: Linux kernel vulnerabilities Vulnerability

  • Severity: 7
  • Published: July 03, 2014

sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.

SUSE: CVE-2014-4508: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: June 23, 2014

arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.

Amazon Linux AMI: Security patch for kernel (ALAS-2014-368) (multiple CVEs) Vulnerability

  • Severity: 6
  • Published: June 23, 2014

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.

Amazon Linux AMI: Security patch for lighttpd (ALAS-2014-299) (multiple CVEs) Vulnerability

  • Severity: 8
  • Published: November 20, 2013

lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is rea...