Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_linux_eus
(Redhat)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2011-07-28 | CVE-2011-2492 | The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c. | Linux_kernel, Enterprise_linux_aus, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation | N/A | ||
2011-08-29 | CVE-2011-2213 | The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel before 2.6.39.3 does not properly audit INET_DIAG bytecode, which allows local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880. | Linux_kernel, Enterprise_linux_aus, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation | N/A | ||
2012-06-13 | CVE-2012-2313 | The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call. | Linux_kernel, Suse_linux_enterprise_server, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_long_life, Enterprise_linux_server_aus, Enterprise_linux_server_eus | N/A | ||
2012-10-03 | CVE-2012-3552 | Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic. | Linux_kernel, Enterprise_linux_eus | 5.9 | ||
2012-11-11 | CVE-2012-4564 | ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM image that triggers an integer overflow, a zero-memory allocation, and a heap-based buffer overflow. | Ubuntu_linux, Debian_linux, Libtiff, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation | N/A | ||
2012-11-23 | CVE-2012-3515 | Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space." | Ubuntu_linux, Debian_linux, Opensuse, Qemu, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Virtualization, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Xen | N/A | ||
2013-02-08 | CVE-2013-0170 | Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue. | Ubuntu_linux, Fedora, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Libvirt, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
2013-02-13 | CVE-2012-6075 | Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. | Ubuntu_linux, Debian_linux, Fedora, Opensuse, Qemu, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation, Virtualization, Linux_enterprise_server | N/A | ||
2013-03-01 | CVE-2011-1182 | kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call. | Linux_kernel, Enterprise_linux, Enterprise_linux_aus, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation | N/A | ||
2013-07-10 | CVE-2013-1896 | mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. | Http_server, Ubuntu_linux, Opensuse, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_workstation, Jboss_enterprise_application_platform | N/A |