Vulnerability & Exploit Database

Displaying all 10 entries

Results for: CVE-2018-0482 Back to search

SUSE: CVE-2018-14647: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: September 24, 2018

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. Python 3.8, 3.7...

SUSE: CVE-2018-1000004: SUSE Linux Security Advisory Vulnerability

  • Severity: 7
  • Published: January 16, 2018

In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.

SUSE: CVE-2018-5333: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: January 11, 2018

In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.

SUSE: CVE-2018-5332: SUSE Linux Security Advisory Vulnerability

  • Severity: 7
  • Published: January 11, 2018

In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).

SUSE: CVE-2017-15129: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: January 09, 2018

A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability co...

SUSE: CVE-2017-5715: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: January 04, 2018

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

SUSE: CVE-2017-18017: SUSE Linux Security Advisory Vulnerability

  • Severity: 10
  • Published: January 03, 2018

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

SUSE: CVE-2017-17864: SUSE Linux Security Advisory Vulnerability

  • Severity: 2
  • Published: December 27, 2017

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."

SUSE: CVE-2017-17862: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: December 27, 2017

kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.

SUSE: CVE-2017-17712: SUSE Linux Security Advisory Vulnerability

  • Severity: 7
  • Published: December 15, 2017

The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6 has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allows a local user to execute code and gain privileges.