| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2021-3753 | 125 | | | 2022-02-16 | 2022-12-07 | 1.9 | None | Local | Medium | Not required | Partial | None | None | A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality. |
| 2 | CVE-2021-3602 | 212 | | | 2022-03-03 | 2022-10-24 | 1.9 | None | Local | Medium | Not required | Partial | None | None | An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials). |
| 3 | CVE-2021-3533 | 362 | | | 2021-06-09 | 2022-04-25 | 1.2 | None | Local | High | Not required | Partial | None | None | A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. |
| 4 | CVE-2020-25656 | 416 | | | 2020-12-02 | 2022-10-25 | 1.9 | None | Local | Medium | Not required | Partial | None | None | A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. |
| 5 | CVE-2020-10685 | 459 | | | 2020-05-11 | 2022-11-29 | 1.9 | None | Local | Medium | Not required | Partial | None | None | A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble. |
| 6 | CVE-2020-1746 | 200 | | +Info | 2020-05-12 | 2021-10-19 | 1.9 | None | Local | Medium | Not required | Partial | None | None | A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality. |
| 7 | CVE-2020-1740 | 377 | | | 2020-03-16 | 2022-04-05 | 1.9 | None | Local | Medium | Not required | Partial | None | None | A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. |
| 8 | CVE-2019-18660 | 200 | | +Info | 2019-11-27 | 2020-01-28 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The Linux kernel before 5.4.1 on powerpc allows Information Exposure because the Spectre-RSB mitigation is not in place for all applicable CPUs, aka CID-39e72bf96f58. This is related to arch/powerpc/kernel/entry_64.S and arch/powerpc/kernel/security.c. |
| 9 | CVE-2019-12400 | 20 | | | 2019-08-23 | 2022-04-13 | 1.9 | None | Local | Medium | Not required | None | Partial | None | In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4. |
| 10 | CVE-2019-11244 | 732 | | | 2019-04-22 | 2020-10-02 | 1.9 | None | Local | Medium | Not required | None | Partial | None | In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation. |
| 11 | CVE-2019-6648 | 532 | | | 2019-09-04 | 2023-02-03 | 1.9 | None | Local | Medium | Not required | Partial | None | None | On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. |
| 12 | CVE-2019-2634 | | | | 2019-04-23 | 2023-01-30 | 1.9 | None | Local | Medium | Not required | None | None | Partial | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). |
| 13 | CVE-2019-2536 | | | | 2019-01-16 | 2023-01-31 | 1.2 | None | Local | High | Not required | None | None | Partial | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:H). |
| 14 | CVE-2019-2535 | | | | 2019-01-16 | 2023-01-31 | 1.9 | None | Local | Medium | Not required | None | None | Partial | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
| 15 | CVE-2018-16888 | 269 | | | 2019-01-14 | 2022-01-31 | 1.9 | None | Local | Medium | Not required | None | None | Partial | It was discovered systemd does not correctly check the content of PIDFile files before using it to kill processes. When a service is run from an unprivileged user (e.g. User field set in the service file), a local attacker who is able to write to the PIDFile of the mentioned service may use this flaw to trick systemd into killing other services and/or privileged processes. Versions before v237 are vulnerable. |
| 16 | CVE-2018-14650 | 732 | | | 2018-09-27 | 2023-02-13 | 1.9 | None | Local | Medium | Not required | Partial | None | None | It was discovered that sos-collector does not properly set the default permissions of newly created files, making all files created by the tool readable by any local user. A local attacker may use this flaw by waiting for a legit user to run sos-collector and steal the collected data in the /var/tmp directory. |
| 17 | CVE-2018-10846 | 385 | | | 2018-08-22 | 2023-02-13 | 1.9 | None | Local | Medium | Not required | Partial | None | None | A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets. |
| 18 | CVE-2018-5407 | 203 | | | 2018-11-15 | 2020-09-18 | 1.9 | None | Local | Medium | Not required | Partial | None | None | Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. |
| 19 | CVE-2018-0495 | 203 | | | 2018-06-13 | 2020-08-24 | 1.9 | None | Local | Medium | Not required | Partial | None | None | Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. |
| 20 | CVE-2017-10268 | | | | 2017-10-19 | 2022-09-29 | 1.5 | None | Local | Medium | ??? | Partial | None | None | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). |
| 21 | CVE-2017-3318 | | | | 2017-01-27 | 2022-09-29 | 1.0 | None | Local | High | ??? | Partial | None | None | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts). |
| 22 | CVE-2017-3317 | | | | 2017-01-27 | 2022-09-29 | 1.5 | None | Local | Medium | ??? | None | None | Partial | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts). |
| 23 | CVE-2017-3313 | | | | 2017-01-27 | 2022-10-06 | 1.5 | None | Local | Medium | ??? | Partial | None | None | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts). |
| 24 | CVE-2017-2665 | 522 | | | 2018-07-06 | 2019-10-09 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The skyring-setup command creates random password for mongodb skyring database but it writes password in plain text to /etc/skyring/skyring.conf file which is owned by root but read by local user. Any local user who has access to system running skyring service will be able to get password in plain text. |
| 25 | CVE-2016-7466 | 772 | | DoS | 2016-12-10 | 2023-02-12 | 1.9 | None | Local | Medium | Not required | None | None | Partial | Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device. |
| 26 | CVE-2016-4980 | 330 | | | 2019-11-27 | 2023-02-12 | 1.9 | None | Local | Medium | Not required | None | Partial | None | A password generation weakness exists in xquest through 2016-06-13. |
| 27 | CVE-2016-0609 | | | | 2016-01-21 | 2019-12-27 | 1.7 | None | Remote | High | ??? | None | None | Partial | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges. |
| 28 | CVE-2015-5313 | 22 | | Dir. Trav. | 2016-04-11 | 2023-02-13 | 1.9 | None | Local | Medium | Not required | None | Partial | None | Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name. |
| 29 | CVE-2015-4792 | | | | 2015-10-21 | 2022-09-15 | 1.7 | None | Remote | High | ??? | None | None | Partial | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802. |
| 30 | CVE-2015-3142 | 200 | | +Info | 2017-06-26 | 2023-02-13 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensitive information by leveraging write permissions to the working directory of a crashed application. |
| 31 | CVE-2014-5177 | 20 | | | 2014-08-03 | 2019-04-22 | 1.2 | None | Local | High | Not required | Partial | None | None | libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors. |
| 32 | CVE-2014-4652 | 362 | | +Info | 2014-07-03 | 2020-08-14 | 1.9 | None | Local | Medium | Not required | Partial | None | None | Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. |
| 33 | CVE-2014-3647 | | | DoS | 2014-11-10 | 2023-02-13 | 1.9 | None | Local | Medium | Not required | None | None | Partial | arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. |
| 34 | CVE-2014-0179 | 20 | | DoS | 2014-08-03 | 2023-02-13 | 1.9 | None | Local | Medium | Not required | None | None | Partial | libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a denial of service (read block and hang) via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virConnectCompareCPU or (2) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT per ADT3 due to different affected versions of some vectors. CVE-2014-5177 is used for other API methods. |
| 35 | CVE-2014-0058 | 310 | | | 2014-02-26 | 2017-01-07 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files. |
| 36 | CVE-2014-0018 | 264 | | | 2014-02-14 | 2017-01-07 | 1.9 | None | Local | Medium | Not required | None | Partial | None | Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (MSC) service registry, which allows local users to modify the server via a crafted deployment. |
| 37 | CVE-2013-7336 | | | DoS | 2014-05-07 | 2018-10-30 | 1.9 | None | Local | Medium | Not required | None | None | Partial | The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function. |
| 38 | CVE-2013-4481 | 362 | | +Info | 2013-11-23 | 2019-04-22 | 1.9 | None | Local | Medium | Not required | Partial | None | None | Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets." |
| 39 | CVE-2013-4259 | 264 | | | 2013-09-16 | 2023-02-13 | 1.9 | None | Local | Medium | Not required | Partial | None | None | runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/. |
| 40 | CVE-2013-2217 | 59 | | | 2013-09-23 | 2019-04-22 | 1.2 | None | Local | High | Not required | None | Partial | None | cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/. |
| 41 | CVE-2013-1921 | 310 | | | 2013-09-28 | 2014-03-08 | 1.9 | None | Local | Medium | Not required | Partial | None | None | PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file. |
| 42 | CVE-2013-0223 | 119 | | DoS Overflow | 2013-11-23 | 2023-02-13 | 1.9 | None | Local | Medium | Not required | None | None | Partial | The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca function. |
| 43 | CVE-2013-0200 | 59 | | | 2013-03-06 | 2023-02-13 | 1.9 | None | Local | Medium | Not required | None | Partial | None | HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722. |
| 44 | CVE-2012-6548 | 200 | | +Info | 2013-03-15 | 2019-04-22 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. |
| 45 | CVE-2012-6546 | 200 | | +Info | 2013-03-15 | 2019-04-22 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. |
| 46 | CVE-2012-6545 | 200 | | +Info | 2013-03-15 | 2019-04-22 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. |
| 47 | CVE-2012-6544 | 200 | | +Info | 2013-03-15 | 2019-04-22 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. |
| 48 | CVE-2012-6542 | 200 | | +Info | 2013-03-15 | 2019-04-22 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. |
| 49 | CVE-2012-6538 | 200 | | +Info | 2013-03-15 | 2019-04-22 | 1.9 | None | Local | Medium | Not required | Partial | None | None | The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. |
| 50 | CVE-2012-6537 | 200 | | +Info | 2013-03-15 | 2019-04-22 | 1.9 | None | Local | Medium | Not required | Partial | None | None | net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. |