A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.
Max CVSS
2.3
EPSS Score
0.04%
Published
2023-03-27
Updated
2023-04-03
A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
Max CVSS
2.5
EPSS Score
0.04%
Published
2021-06-09
Updated
2022-04-25
gdm3 3.14.2 and possibly later has an information leak before screen lock
Max CVSS
2.4
EPSS Score
0.10%
Published
2019-11-05
Updated
2020-08-18
A password generation weakness exists in xquest through 2016-06-13.
Max CVSS
2.5
EPSS Score
0.05%
Published
2019-11-27
Updated
2023-02-12
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication.
Max CVSS
2.8
EPSS Score
0.35%
Published
2016-01-21
Updated
2019-04-22
Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors.
Max CVSS
2.1
EPSS Score
0.70%
Published
2016-01-21
Updated
2018-10-30
The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu.
Max CVSS
2.6
EPSS Score
0.04%
Published
2015-11-24
Updated
2016-12-07
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.
Max CVSS
2.1
EPSS Score
0.54%
Published
2015-10-22
Updated
2016-12-24
The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.
Max CVSS
2.3
EPSS Score
0.04%
Published
2014-06-23
Updated
2020-08-21
The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.
Max CVSS
2.1
EPSS Score
0.04%
Published
2013-07-04
Updated
2021-07-15
The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887.
Max CVSS
2.6
EPSS Score
0.27%
Published
2013-07-09
Updated
2023-02-13
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the uniq command, which triggers a stack-based buffer overflow in the alloca function.
Max CVSS
2.1
EPSS Score
0.06%
Published
2013-11-23
Updated
2023-02-13
Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c.
Max CVSS
2.9
EPSS Score
0.45%
Published
2012-04-11
Updated
2017-09-19
The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation.
Max CVSS
2.6
EPSS Score
1.24%
Published
2010-05-12
Updated
2018-10-10
yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or force the download and installation of official Red Hat packages that were not requested.
Max CVSS
2.6
EPSS Score
0.13%
Published
2008-08-18
Updated
2017-09-29
Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command.
Max CVSS
2.1
EPSS Score
0.04%
Published
2007-09-17
Updated
2017-10-11
usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of service (iscsid exit or iSCSI connection loss).
Max CVSS
2.1
EPSS Score
0.34%
Published
2007-06-14
Updated
2017-10-11
A regression error in the Perl package for Red Hat Enterprise Linux 4 omits the patch for CVE-2005-0155, which allows local users to overwrite arbitrary files with debugging information.
Max CVSS
2.1
EPSS Score
0.04%
Published
2006-08-11
Updated
2017-10-11
The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash).
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-10-25
Updated
2017-10-11
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".
Max CVSS
2.6
EPSS Score
0.11%
Published
2005-12-31
Updated
2018-10-19
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-05-02
Updated
2017-10-11
The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled.
Max CVSS
2.1
EPSS Score
0.06%
Published
2005-05-18
Updated
2017-10-11
Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-03-09
Updated
2018-10-03
Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.
Max CVSS
2.1
EPSS Score
0.06%
Published
2005-05-02
Updated
2017-10-11
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-07
Updated
2018-08-13
39 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!