Page 15 of 72 results (0.008 seconds)

CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0

CVE-2015-4170 – kernel: pty layer race condition on tty ldisc shutdown.

https://notcve.org/view.php?id=CVE-2015-4170

Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread. Condición de carrera en la función ldsem_cmpxchg en drivers/tty/tty_ldsem.c en el kernel de Linux en versiones anteriores a 3.13-rc4-next-20131218 permite a usuarios locales provocar una denegación de servicio (interbloqueo de ldsem_down_read y ldsem_down_write) estableciendo un nuevo hilo tty durante la desconexión de un hilo tty previo. A flaw was discovered in the way the Linux kernel's TTY subsystem handled the tty shutdown phase. A local, unprivileged user could use this flaw to cause denial of service on the system by holding a reference to the ldisc lock during tty shutdown, causing a deadlock. • http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf872776fc84128bb779ce2b83a37c884c3203ae http://www.openwall.com/lists/oss-security/2015/05/26/1 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/74820 https://access.redhat.com/errata/RHSA-2016:1395 https://bugzilla.redhat.com/show_bug.cgi?id=1218879 https://github.com/torvalds/linux/commit/cf872776fc84128bb779ce2b83a37c884c3203ae https://www.kernel.org/pub/linu • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-667: Improper Locking •

CVSS: 5.0EPSS: 0%CPEs: 64EXPL: 0

CVE-2015-4902 – Oracle Java SE Integrity Check Vulnerability

https://notcve.org/view.php?id=CVE-2015-4902

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment. Vulnerabilidad no especificada en Oracle Java SE 6u101, 7u85 y 8u60 permite a atacantes remotos afectar a la integridad a través de vectores desconocidos relacionados con Deployment. Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via Unknown vectors related to deployment. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-12 •