CVE-2015-0381 – mysql: unspecified vulnerability related to Server:Replication (CPU Jan 2015)
https://notcve.org/view.php?id=CVE-2015-0381
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.40 y anteriores y 5.6.21 y anteriores permite a atacantes remotos afectar la disponibilidad a través de vectores desconocidos relacionados con Server : Replication, una vulnerabilidad diferente a CVE-2015-0382. • http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http://rhn.redhat.com/errata/RHSA-2015-0116.html http://rhn.redhat.com/errata/RHSA-2015-0117.html http://rhn.redhat.com/errata/RHSA-2015-0118.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://secunia.com/advisories/62728 http://secunia.com/advisories/62730 http://secunia.com/advisories/62732 http://www.debia •
CVE-2014-6568 – mysql: unspecified vulnerability related to Server:InnoDB:DML (CPU Jan 2015)
https://notcve.org/view.php?id=CVE-2014-6568
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.40 y anteriores, y 5.6.21 y anteriores, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con Server : InnoDB : DML. • http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http://rhn.redhat.com/errata/RHSA-2015-0116.html http://rhn.redhat.com/errata/RHSA-2015-0117.html http://rhn.redhat.com/errata/RHSA-2015-0118.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://secunia.com/advisories/62728 http://secunia.com/advisories/62730 http://secunia.com/advisories/62732 http://www.debia •
CVE-2014-9584 – kernel: isofs: unchecked printing of ER records
https://notcve.org/view.php?id=CVE-2014-9584
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. La función parse_rock_ridge_inode_internal en fs/isofs/rock.c en el kernel de Linux anterior a 3.18.2 no valida un valor de longitud en el campo Extensions Reference (ER) System Use, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de una imagen iso9660 manipulada. An information leak flaw was found in the way the Linux kernel's ISO9660 file system implementation accessed data on an ISO9660 image with RockRidge Extension Reference (ER) records. An attacker with physical access to the system could use this flaw to disclose up to 255 bytes of kernel memory. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e2024624e678f0ebb916e6192bd23c1f9fdf696 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html http://lists.o • CWE-20: Improper Input Validation •
CVE-2014-9585 – kernel: ASLR bruteforce possible for vdso library
https://notcve.org/view.php?id=CVE-2014-9585
The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. La función vdso_addr en arch/x86/vdso/vma.c en el kernel de Linux hasta 3.18.2 no elige correctamente localizaciones de memoria para la área vDSO, lo que facilita a usuarios locales evadir el mecanismo de protección ASLR mediante la adivinación de una localización al final de un PMD. An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space. • http://git.kernel.org/?p=linux/kernel/git/luto/linux.git%3Ba=commit%3Bh=bc3b94c31d65e761ddfe150d02932c65971b74e2 http://git.kernel.org/?p=linux/kernel/git/tip/tip.git%3Ba=commit%3Bh=fbe1bf140671619508dfa575d74a185ae53c5dbb http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148480.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg0 •
CVE-2014-9322 – Linux Kernel - 'BadIRET' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-9322
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. arch/x86/kernel/entry_64.S en el kernel de Linux anterior a 3.17.5 no maneja correctamente los fallos asociados con el registro de segmento Stack Segment (SS), lo que permite a usuarios locales ganar privilegios mediante la provocación de una instrucción IRET que lleva al acceso a una dirección de GS Base del espacio equivocado. A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. • https://www.exploit-db.com/exploits/44205 https://www.exploit-db.com/exploits/36266 https://github.com/RKX1209/CVE-2014-9322 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6f442be2fb22be02cafa606f1769fa1e6f894441 http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://marc.info/?l= • CWE-269: Improper Privilege Management CWE-841: Improper Enforcement of Behavioral Workflow •