Page 23 of 236 results (0.018 seconds)

CVSS: 4.0EPSS: 0%CPEs: 38EXPL: 0

CVE-2015-0433 – mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU April 2015)

https://notcve.org/view.php?id=CVE-2015-0433

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.41 y anteriores, y 5.6.22 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con InnoDB : DML. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://rhn.redhat.com/errata/RHSA-2015-1629.html http://rhn.redhat.com/errata/RHSA-2015-1647.html http://rhn.redhat.com/errata/RHSA-2015-1665.html http://www.debian.org/security/2015/dsa-3229 http://www.debian.org/security/2015/dsa-3311 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.oracle.com/technetwork/topic •

CVSS: 5.0EPSS: 0%CPEs: 160EXPL: 0

CVE-2015-2808 – SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher

https://notcve.org/view.php?id=CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. El algoritmo RC4, utilizado en el protocolo TLS y el protocolo SSL, no combina correctamente los datos de estados con los datos de claves durante la fase de inicialización, lo que facilita a atacantes remotos realizar ataques de recuperación de texto claro contra los bytes iniciales de un flujo mediante la captura de trafico de la red que ocasionalmente depende de claves afectadas por la debilidad de la invariabilidad (Invariance Weakness), y posteriormente utilizar un acercamiento de fuerza bruta que involucra valores LSB, también conocido como el problema de 'Bar Mitzvah'. • http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 1

CVE-2013-7421 – kernel: crypto api unprivileged arbitrary module load via request_module()

https://notcve.org/view.php?id=CVE-2013-7421

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. La API Crypto en el kernel de Linux anterior a 3.18.5 permite a usuarios locales cargar módulos del kernel arbitrarios a través de una llamada al sistema de enlaces para un socket AF_ALG con un nombre de módulo en el campo salg_name, una vulnerabilidad diferente a CVE-2014-9644. A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5d26a105b5a73e5635eae0629b42fa0a90e07b7b http://rhn.redhat.com/errata/RHSA-2016-0068.html http://www.debian.org/security/2015/dsa-3170 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5 http://www.mandriva.com/security/advisories?name=MDVSA-2015:057 http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 http://www.openwall.com/lists/oss-security/2015/01/24/4 http://www. • CWE-269: Improper Privilege Management CWE-749: Exposed Dangerous Method or Function •

CVSS: 6.2EPSS: 0%CPEs: 11EXPL: 1

CVE-2015-0239 – kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code

https://notcve.org/view.php?id=CVE-2015-0239

The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction. La función em_sysenter en arch/x86/kvm/emulate.c en el kernel de Linux anterior a 3.18.5, cuando al sistema operativo invitado le falta la inicialización SYSENTER MSR, permite a usuarios del sistema operativo invitado ganar privilegios del sistema operativo invitado o causar una denegación de servicio (caída del sistema operativo invitado) mediante la provocación del uso de un segmento de código de 16 bits para la emulación de una instrucción SYSENTER. It was found that the Linux kernel KVM subsystem's sysenter instruction emulation was not sufficient. An unprivileged guest user could use this flaw to escalate their privileges by tricking the hypervisor to emulate a SYSENTER instruction in 16-bit mode, if the guest OS did not initialize the SYSENTER model-specific registers (MSRs). Note: Certified guest operating systems for Red Hat Enterprise Linux with KVM do initialize the SYSENTER MSRs and are thus not vulnerable to this issue when running on a KVM hypervisor. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f3747379accba8e95d70cec0eae0582c8c182050 http://permalink.gmane.org/gmane.linux.kernel.commits.head/502245 http://rhn.redhat.com/errata/RHSA-2015-1272.html http://www.debian.org/security/2015/dsa-3170 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5 http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 http://www.openwall.com/lists/oss-security/2015/01/27/6 http://www • CWE-269: Improper Privilege Management CWE-391: Unchecked Error Condition •

CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0

CVE-2014-9644 – kernel: crypto api unprivileged arbitrary module load via request_module()

https://notcve.org/view.php?id=CVE-2014-9644

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421. La API Crypto en el kernel de Linux anterior a 3.18.5 permite a usuarios locales cargar módulos del kernel arbitrarios a través de una llamada al sistema de enlaces para un socket AF_ALG con una expresión de plantilla de módulos entre paréntesis en el campo salg_name, tal y como fue demostrado por la expresión vfat(aes), una vulnerabilidad diferente a CVE-2013-7421. A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4943ba16bbc2db05115707b3ff7b4874e9e3c560 http://rhn.redhat.com/errata/RHSA-2016-0068.html http://www.debian.org/security/2015/dsa-3170 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5 http://www.mandriva.com/security/advisories?name=MDVSA-2015:057 http://www.mandriva.com/security/advisories?name=MDVSA-2015:058 http://www.openwall.com/lists/oss-security/2015/01/24/4 http://www. • CWE-269: Improper Privilege Management CWE-749: Exposed Dangerous Method or Function •