Skip to main content

Linux Enterprise High Availability Extension

16 CVEs product

Monthly

CVE-2015-3281 MEDIUM PATCH This Month

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Debian Linux Haproxy Ubuntu Linux Openstack Cloud +8
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2014-4027 LOW PATCH Monitor

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain. Rated low severity (CVSS 2.3). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Enterprise Linux Ubuntu Linux +23
NVD GitHub
CVSS 2.0
2.3
EPSS
0.1%
CVE-2014-1739 LOW POC Monitor

The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel Ubuntu Linux Linux Enterprise High Availability Extension +2
NVD GitHub Exploit-DB
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3469 MEDIUM PATCH This Month

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Null Pointer Dereference Gnutls Libtasn1 Virtualization +11
NVD
CVSS 2.0
5.0
EPSS
8.7%
CVE-2014-3468 HIGH PATCH Act Now

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.7%.

Buffer Overflow Gnutls Libtasn1 Virtualization Debian Linux +11
NVD
CVSS 2.0
7.5
EPSS
10.7%
CVE-2014-3467 MEDIUM PATCH This Month

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Gnutls Libtasn1 Virtualization +12
NVD
CVSS 2.0
5.0
EPSS
6.8%
CVE-2014-1738 LOW Monitor

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel Enterprise Linux Eus Debian Linux +4
NVD GitHub
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-1737 HIGH This Week

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel Debian Linux Linux Enterprise Desktop +4
NVD GitHub
CVSS 2.0
7.2
EPSS
0.0%
CVE-2014-2706 HIGH POC PATCH This Week

Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Race Condition Linux Linux Kernel Linux Enterprise High Availability Extension +2
NVD GitHub VulDB
CVSS 2.0
7.1
EPSS
3.1%
CVE-2014-2324 MEDIUM POC PATCH THREAT This Month

Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.7%.

Path Traversal Lighttpd Debian Linux Opensuse Linux Enterprise High Availability Extension +2
NVD VulDB
CVSS 2.0
5.0
EPSS
71.7%
Threat
4.7
CVE-2014-2323 CRITICAL POC PATCH THREAT Act Now

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.4%.

SQLi Lighttpd Debian Linux Opensuse Linux Enterprise High Availability Extension +1
NVD VulDB
CVSS 3.1
9.8
EPSS
90.4%
Threat
6.2
CVE-2013-3301 HIGH POC PATCH This Week

The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel Enterprise Linux Enterprise Mrg +3
NVD Exploit-DB GitHub
CVSS 2.0
7.2
EPSS
0.5%
CVE-2012-1146 MEDIUM POC PATCH This Month

The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Null Pointer Dereference Linux Kernel Fedora +3
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2012-1097 HIGH PATCH This Week

The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Linux Null Pointer Dereference Linux Kernel Enterprise Linux +4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2012-1090 MEDIUM PATCH This Month

The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Enterprise Mrg Linux Enterprise Desktop +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2012-0879 MEDIUM PATCH This Month

The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel Ubuntu Linux Debian Linux +3
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Debian Linux Haproxy +10
NVD
EPSS 0% CVSS 2.3
LOW PATCH Monitor

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain. Rated low severity (CVSS 2.3). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel +25
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel +4
NVD GitHub Exploit-DB
EPSS 9% CVSS 5.0
MEDIUM PATCH This Month

The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU Libtasn1 before 3.6 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Null Pointer Dereference Gnutls +13
NVD
EPSS 11% CVSS 7.5
HIGH PATCH Act Now

The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not properly report an error when a negative bit length is identified, which allows context-dependent attackers to cause out-of-bounds. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.7%.

Buffer Overflow Gnutls Libtasn1 +13
NVD
EPSS 7% CVSS 5.0
MEDIUM PATCH This Month

Multiple unspecified vulnerabilities in the DER decoder in GNU Libtasn1 before 3.6, as used in GnuTLS, allow remote attackers to cause a denial of service (out-of-bounds read) via crafted ASN.1 data. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Buffer Overflow Gnutls +14
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel +6
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel +6
NVD GitHub
EPSS 3% CVSS 7.1
HIGH POC PATCH This Week

Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Race Condition Linux +4
NVD GitHub VulDB
EPSS 72% 4.7 CVSS 5.0
MEDIUM POC PATCH THREAT This Month

Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 71.7%.

Path Traversal Lighttpd Debian Linux +4
NVD VulDB
EPSS 90% 6.2 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.4%.

SQLi Lighttpd Debian Linux +3
NVD VulDB
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel +5
NVD Exploit-DB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in the Linux kernel before 3.2.10 does not properly handle multiple events that are attached to the same eventfd, which allows local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Null Pointer Dereference +5
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The regset (aka register set) feature in the Linux kernel before 3.2.10 does not properly handle the absence of .get and .set methods, which allows local users to cause a denial of service (NULL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Linux Null Pointer Dereference +6
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before 3.2.10 allows local users to cause a denial of service (OOPS) via attempted access to a special file, as demonstrated by a FIFO. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel +4
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The I/O implementation for block devices in the Linux kernel before 2.6.33 does not properly handle the CLONE_IO feature, which allows local users to cause a denial of service (I/O instability) by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel +5
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy