- Home
- CVEs with nessus.description==A+flaw+was+discovered+in+the+Kernel+Virtual+Machine%27s+%28KVM%29+emulation+of+the+SYSTENTER+instruction+when+the+guest+OS+does+not+initialize+the+SYSENTER+MSRs.+A+guest+OS+user+could+exploit+this+flaw+to+cause+a+denial+of+service+of+the+guest+OS+%28crash%29+or+potentially+gain+privileges+on+the+guest+OS.+%28CVE-2015-0239%29%0A%0AAndy+Lutomirski+discovered+an+information+leak+in+the+Linux+kernel%27s+Thread+Local+Storage+%28TLS%29+implementation+allowing+users+to+bypass+the+espfix+to+obtain+information+that+could+be+used+to+bypass+the+Address+Space+Layout+Randomization+%28ASLR%29+protection+mechanism.+A+local+user+could+exploit+this+flaw+to+obtain+potentially+sensitive+information+from+kernel+memory.+%28CVE-2014-8133%29%0A%0AA+restriction+bypass+was+discovered+in+iptables+when+conntrack+rules+are+specified+and+the+conntrack+protocol+handler+module+is+not+loaded+into+the+Linux+kernel.+This+flaw+can+cause+the+firewall+rules+on+the+system+to+be+bypassed+when+conntrack+rules+are+used.+%28CVE-2014-8160%29%0A%0AA+flaw+was+discovered+with+file+renaming+in+the+linux+kernel.+A+local+user+could+exploit+this+flaw+to+cause+a+denial+of+service+%28deadlock+and+system+hang%29.+%28CVE-2014-8559%29%0A%0AA+flaw+was+discovered+in+how+supplemental+group+memberships+are+handled+in+certain+namespace+scenarios.+A+local+user+could+exploit+this+flaw+to+bypass+file+permission+restrictions.+%28CVE-2014-8989%29%0A%0AA+flaw+was+discovered+in+how+Thread+Local+Storage+%28TLS%29+is+handled+by+the+task+switching+function+in+the+Linux+kernel+for+x86_64+based+machines.+A+local+user+could+exploit+this+flaw+to+bypass+the+Address+Space+Layout+Radomization+%28ASLR%29+protection+mechanism.+%28CVE-2014-9419%29%0A%0APrasad+J+Pandit+reported+a+flaw+in+the+rock_continue+function+of+the+Linux+kernel%27s+ISO+9660+CDROM+file+system.+A+local+user+could+exploit+this+flaw+to+cause+a+denial+of+service+%28system+crash+or+hang%29.%0A%28CVE-2014-9420%29%0A%0AA+flaw+was+discovered+in+the+fragment+handling+of+the+B.A.T.M.A.N.%0AAdvanced+Meshing+Protocol+in+the+Linux+kernel.+A+remote+attacker+could+exploit+this+flaw+to+cause+a+denial+of+service+%28mesh-node+system+crash%29+via+fragmented+packets.+%28CVE-2014-9428%29%0A%0AA+race+condition+was+discovered+in+the+Linux+kernel%27s+key+ring.+A+local+user+could+cause+a+denial+of+service+%28memory+corruption+or+panic%29+or+possibly+have+unspecified+impact+via+the+keyctl+commands.%0A%28CVE-2014-9529%29%0A%0AA+memory+leak+was+discovered+in+the+ISO+9660+CDROM+file+system+when+parsing+rock+ridge+ER+records.+A+local+user+could+exploit+this+flaw+to+obtain+sensitive+information+from+kernel+memory+via+a+crafted+iso9660+image.+%28CVE-2014-9584%29%0A%0AA+flaw+was+discovered+in+the+Address+Space+Layout+Randomization+%28ASLR%29+of+the+Virtual+Dynamically+linked+Shared+Objects+%28vDSO%29+location.+This+flaw+makes+it+easier+for+a+local+user+to+bypass+the+ASLR+protection+mechanism.+%28CVE-2014-9585%29%0A%0ADmitry+Chernenkov+discovered+a+buffer+overflow+in+eCryptfs%27+encrypted+file+name+decoding.+A+local+unprivileged+user+could+exploit+this+flaw+to+cause+a+denial+of+service+%28system+crash%29+or+potentially+gain+administrative+privileges.+%28CVE-2014-9683%29.%0A%0ANote+that+Tenable+Network+Security+has+extracted+the+preceding+description+block+directly+from+the+Ubuntu+security+advisory.+Tenable+has+attempted+to+automatically+clean+and+format+it+as+much+as+possible+without+introducing+additional+issues
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top