• HOME

  • ABOUT US

  • SERVICES

  • CONTACT

  • KNOWLEDGE

  • BUY ONLINE

  • More

    CYBER SECURITY ASSESSMENTS // PENETRATION TESTING // DATA SECURITY // IT SECURITY // SECURITY AUDITS // DIGITAL FORENSICS // CYBER INTELLIGENCE

                                        2016 VULNERABILITY DATABASE

     

     

     

    CVE-2015-8746

    Summary: fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic.

    Published: 5/2/2016 6:59:19 AM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

     

    CVE-2015-8324

    Summary: The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function.

    Published: 5/2/2016 6:59:18 AM

     

    CVSS Severity: v3 - 4.6 MEDIUM      v2 - 4.9 MEDIUM

     

    CVE-2015-8019

    Summary: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.

    Published: 5/2/2016 6:59:17 AM

     

    CVSS Severity: v3 - 7.8 HIGH      v2 - 7.2 HIGH

     

    CVE-2015-4178

    Summary: The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call, related to fs/fs_pin.c and include/linux/fs_pin.h.

    Published: 5/2/2016 6:59:16 AM

     

    CVSS Severity: v3 - 5.5 MEDIUM      v2 - 4.9 MEDIUM

     

    CVE-2015-4177

    Summary: The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a denial of service (system crash) by leveraging user-namespace root access for an MNT_DETACH umount2 system call.

    Published: 5/2/2016 6:59:15 AM

     

    CVSS Severity: v3 - 5.5 MEDIUM      v2 - 4.9 MEDIUM

     

    CVE-2015-4176

    Summary: fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of a file or directory.

    Published: 5/2/2016 6:59:13 AM

     

    CVSS Severity: v3 - 5.5 MEDIUM      v2 - 2.1 LOW

     

    CVE-2015-4170

    Summary: Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread.

    Published: 5/2/2016 6:59:12 AM

     

    CVSS Severity: v3 - 4.7 MEDIUM      v2 - 4.7 MEDIUM

     

    CVE-2015-2686

    Summary: net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem.

    Published: 5/2/2016 6:59:11 AM

     

    CVSS Severity: v3 - 7.8 HIGH      v2 - 7.2 HIGH

     

    CVE-2015-2672

    Summary: The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection against instruction faulting, which allows local users to cause a denial of service (panic) by triggering a fault, as demonstrated by an unaligned memory operand or a non-canonical address memory operand.

    Published: 5/2/2016 6:59:10 AM

     

    CVSS Severity: v3 - 5.5 MEDIUM      v2 - 4.9 MEDIUM

     

    CVE-2015-1573

    Summary: The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability.

    Published: 5/2/2016 6:59:08 AM

     

    CVSS Severity: v3 - 5.5 MEDIUM      v2 - 4.9 MEDIUM

     

    CVE-2015-1350

    Summary: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

    Published: 5/2/2016 6:59:07 AM

     

    CVSS Severity: v3 - 5.5 MEDIUM      v2 - 2.1 LOW

     

    CVE-2014-9717

    Summary: fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace.

    Published: 5/2/2016 6:59:06 AM

     

    CVSS Severity: v3 - 6.1 MEDIUM      v2 - 3.6 LOW

     

    CVE-2012-6701

    Summary: Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec.

    Published: 5/2/2016 6:59:05 AM

     

    CVSS Severity: v3 - 7.8 HIGH      v2 - 7.2 HIGH

     

    CVE-2012-6689

    Summary: The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages.

    Published: 5/2/2016 6:59:03 AM

     

    CVSS Severity: v3 - 7.8 HIGH      v2 - 7.2 HIGH

     

    CVE-2011-5321

    Summary: The tty_open function in drivers/tty/tty_io.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted access to a device file under the /dev/pts directory.

    Published: 5/2/2016 6:59:02 AM

     

    CVSS Severity: v3 - 5.5 MEDIUM      v2 - 4.9 MEDIUM

     

    CVE-2008-7316

    Summary: mm/filemap.c in the Linux kernel before 2.6.25 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers an iovec of zero length, followed by a page fault for an iovec of nonzero length.

    Published: 5/2/2016 6:59:01 AM

     

    CVSS Severity: v3 - 5.5 MEDIUM      v2 - 2.1 LOW

     

    CVE-2003-1604

    Summary: The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787.

    Published: 5/2/2016 6:59:00 AM

     

    CVSS Severity: v3 - 7.5 HIGH      v2 - 7.8 HIGH

     

    CVE-2016-4421

    Summary: epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data.

    Published: 4/30/2016 9:59:07 PM

     

    CVSS Severity: v3 - 5.9 MEDIUM      v2 - 4.3 MEDIUM

     

    CVE-2016-4420

    Summary: The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

    Published: 4/30/2016 9:59:06 PM

     

    CVSS Severity: v3 - 5.9 MEDIUM      v2 - 4.3 MEDIUM

     

    CVE-2016-4419

    Summary: epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.

    Published: 4/30/2016 9:59:05 PM

     

    CVSS Severity: v3 - 5.9 MEDIUM      v2 - 4.3 MEDIUM

     

     

    <<< New  Older >>>

     

    Trojan 1 | PCI Compliance | HIPAA Compliance | GLBA Compliance | GDPR Compliance | Penetration Testing | Web Application Assessment | Corporate Security Assessment | Cyber Threat Intelligence 24 / 7

     

    Cyber Breach Lawyers | Vulnerability Assessments | CISO On Demand | Black Ops | Secure Cloud | Personal Security Assessments | Small Business IT Security  | NY Cybersecurity Rule 23 NYCRR 500

     

    Ethical Hacking for Small Businesses | IT Compliance Small Business | Security Breach Management Solutions | Big Data Security | Corporate Randsomware

     

    Website Security for Small Businesses | Security Consulting Services | Enterprise Security Services | Drone & Robotic IT Security

     

    Complete IT/Cyber Security Assessment |  Security Governance Services | Security & Risk Management | Digital Forensics

     

    Social Engineering Testing  | Cyber Liability Insurance | Data Centers Transformation & Security | Secure Access and Continuity Solutions

     

    Mobility Management  & Security | Network Management  Security Solutions | EndPoint Security Solutions |  National Vulnerability Database

    2200 PENNSYLVANIA AVENUE | NW | 4TH FLOOR EAST​ | WASHINGTON, D.C. 20037​

    ​​Tel: 202.507.5773 | Fax: 202.507.5601​ |  ContactUs@TrojanHorseSecurity.com

     

    • s-linkedin
    • s-facebook
    • Google Metallic
    • YouTube Metallic
    • Pinterest Metallic
    • s-tbird

    © 2020  TROJAN HORSE SECURITY INC

    • HOME

    • ABOUT US

    • SERVICES

    • CONTACT

    • KNOWLEDGE

    • BUY ONLINE

    • More