Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Evergreen
(Opensuse)| Repositories | https://github.com/torvalds/linux |
| #Vulnerabilities | 43 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2014-11-10 | CVE-2014-3687 | The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. | Ubuntu_linux, Debian_linux, Linux_kernel, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Evergreen, Linux, Enterprise_mrg, Linux_enterprise_real_time_extension, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server | 7.5 | ||
| 2014-11-10 | CVE-2014-3690 | arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU. | Ubuntu_linux, Debian_linux, Linux_kernel, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Evergreen, Enterprise_linux, Linux_enterprise_real_time_extension, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension | 5.5 | ||
| 2014-11-10 | CVE-2014-7826 | kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. | Linux_kernel, Evergreen, Suse_linux_enterprise_server | 7.8 | ||
| 2014-12-12 | CVE-2014-8134 | The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. | Ubuntu_linux, Linux_kernel, Evergreen, Opensuse, Linux, Suse_linux_enterprise_server | 3.3 | ||
| 2015-01-09 | CVE-2014-9584 | The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. | Ubuntu_linux, Debian_linux, Linux_kernel, Evergreen, Opensuse, Linux, Enterprise_linux_aus, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Linux_enterprise_desktop, Linux_enterprise_real_time_extension, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension | N/A | ||
| 2014-10-15 | CVE-2014-0564 | Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0558. | Air_desktop_runtime, Air_sdk, Flash_player, Flash_player_desktop_runtime, Evergreen, Opensuse, Linux_enterprise_desktop | N/A | ||
| 2014-10-15 | CVE-2014-0569 | Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors. | Air_desktop_runtime, Air_sdk, Flash_player, Flash_player_desktop_runtime, Evergreen, Opensuse, Linux_enterprise_desktop | N/A | ||
| 2014-09-27 | CVE-2014-5459 | The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. | Evergreen, Opensuse, Solaris, Php | N/A | ||
| 2014-12-16 | CVE-2014-9323 | The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status. | Ubuntu_linux, Debian_linux, Firebird, Evergreen | N/A | ||
| 2014-11-10 | CVE-2014-8559 | The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application. | Ubuntu_linux, Linux_kernel, Suse_linux_enterprise_desktop, Suse_linux_enterprise_server, Evergreen, Opensuse, Linux, Linux_enterprise_real_time_extension, Linux_enterprise_software_development_kit, Linux_enterprise_workstation_extension, Suse_linux_enterprise_server | N/A |