Vulnerability & Exploit Database

Displaying entries 1 - 10 of 81 in total

Results for: CVE-2016-1247 Back to search

SUSE: CVE-2016-10200: SUSE Linux Security Advisory Vulnerability

  • Severity: 7
  • Published: March 06, 2017

Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.<...

SUSE: CVE-2016-10044: SUSE Linux Security Advisory Vulnerability

  • Severity: 7
  • Published: February 06, 2017

The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.

SUSE: CVE-2016-10208: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: February 05, 2017

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.

SUSE: CVE-2016-9588: SUSE Linux Security Advisory Vulnerability

  • Severity: 2
  • Published: December 27, 2016

arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.

Gentoo Linux: CVE-2016-1247: NGINX: Privilege escalation Vulnerability

  • Severity: 7
  • Published: November 28, 2016

The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain ro...

Debian: CVE-2016-1247: nginx -- security update Vulnerability

  • Severity: 7
  • Published: October 24, 2016

The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain ro...

Ubuntu: USN-3114-1 (CVE-2016-1247): nginx vulnerability Vulnerability

  • Severity: 7
  • Published: October 24, 2016

The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain ro...

SUSE: CVE-2016-7117: SUSE Linux Security Advisory Vulnerability

  • Severity: 10
  • Published: October 09, 2016

Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.

SUSE: CVE-2016-3070: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: August 05, 2016

The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move.

SUSE: CVE-2016-5243: SUSE Linux Security Advisory Vulnerability

  • Severity: 2
  • Published: June 26, 2016

The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.