The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users. Rated medium severity (CVSS 6.9). Public exploit code available.
Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system. Rated medium severity (CVSS 6.9). Public exploit code available.
The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations,. Rated medium severity (CVSS 6.2). Public exploit code available.
net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN. Rated medium severity (CVSS 6.2). Public exploit code available.
fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and. Rated medium severity (CVSS 6.2). Public exploit code available.
Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS. Rated medium severity (CVSS 6.8). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other. Rated medium severity (CVSS 6.8). No vendor patch available.
The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain. Rated medium severity (CVSS 6.2). No vendor patch available.
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.
Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and. Rated medium severity (CVSS 4.7). No vendor patch available.
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.
The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. Rated low severity (CVSS 1.9).
The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from. Rated low severity (CVSS 1.9).
net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. Rated low severity (CVSS 1.9).